The Twitter storm

Facebook’s stock price is falling. It has fallen 15% from its high point at the end of January. Given Facebook’s current embarrassment with Cambridge Analytica, the political data analytics firm, it is probably destined for further decline. The facts, as reported by the media, are that Cambridge Analytica harvested “private information” from 50 million Facebook users in its efforts to influence the 2016 US election.

The trick Cambridge Analytica used to “liberate” this trove of personal data was as follows: It engaged a firm called Global Science Research build a downloadable Facebook app called “This is your digital life.” The app paid Facebook users small rewards to take a “personality quiz” which was supposed “to be used for academic research.” This netted the data of about 270,000 Facebook users directly. However, the app was programmed also to scoop up personal data of those Facebook users’ friends. And that enabled it to assemble the personal profile data of tens of millions of US citizens. Clever, but not it seems in violation of Facebook’s terms of use.

Psychographic Modeling

Cambridge Analytica performed psychographic modeling on that data. Psychographic modeling involves analyzing people’s behavior according to their attitudes, values, and lifestyles. This is in distinction to modeling based on socio-demographic factors such as household income, living environment, profession, marital status and educational level. In some areas of behavior, psychographic factors are better behavioral predictors than socio-demographic factors, and this is the case when it comes to how someone will vote.

Naturally, both psychographic and socio-demographic data have predictive value across the full spectrum of consumer behavior. However, a curious aspect of psychographic modeling is that people rarely know what their psychographic profile is while they always know what makes up their socio-demographic profile. This is why some analytics companies, Cambridge Analytica included, will claim they can discover more about someone than they themselves know.

There’s something wrong with that, don’t you think?

Never Mind, Here Comes The Cavalry…

US social network businesses, Facebook in particular, will be in for a rude awakening when the GDPR Juggernaut rolls up and knocks on their door. (If you want the nitty-gritty on GDPR read these three articles: GDPR: Goddam Privacy Regulations, Got a Data Protection Officer? and What Are Those Data Rights?) If you don’t have the time for that, then here’s a very brief summary:

If you live in the EU, you own your data.

If any business anywhere in the world violates that data, they are breaking the law and can be fined up to 4% or their annual revenue, in a European court.

GDPR comes into effect in May 2018.

There are data laws in the US that Facebook may have violated by enabling external access to its customers’ data, and in the EU too, of course. But if they allow such an exploit to occur to the data of even a few EU citizens after GDPR day in May 2018, the EU will fine them into oblivion. Facebook is probably already in the crosshairs of EU data protection enthusiasts.

One of the nuances of European Data Protection Law is that a business has a responsibility both for the personal data it holds and for what happens to that data if they enable any other business to use it — and by the way, they can only do that if they get permission for such use.

Our Thoughts and Conclusions About Data Privacy

Permission.io (formerly Algebraix), for whom I am the Chief Strategy Officer, has built an app that allows you to control your personal data. For that reason, because we were aware of the advent of GDPR and the broad nature of its data protection rules, we began with the idea that perhaps we, as a company, could build our apps so that we never needed to know any of our users’ the data. At the time, it seemed like a huge constraint, but we were brainstorming. So we started from: “users will have complete control of all the data they input and all the data the app collects about them.” They could permit some of their data to be used by Permission.io (temporarily), but only non-identifying data.

The primary activity of Permission.io platform is to enable users to earn from their data and their attention, by viewing ads and sponsored content. Thus, there is a need for content providers to be able to target users. In practice, it wasn’t that difficult to design a schema where users could be targeted without the sponsor knowing anything about the targets other than that they provably qualified as targets for their content.

The techniques that enable this are interesting in a general sense. It became clear from design discussions that, because of blockchain technology, there are innovative ways for software to validate data (as genuine) without it needing access to the data values themselves.

So consider, as a business level example, a mortgage application. The mortgage company does not need to know who they are lending to; they only need to know that genuine guarantees exist and can be invoked if the mortgagee ceases paying for whatever reason before the mortgage is fully paid. Similarly, in selling mortgages, the company only needs to be able to target likely customers and present them with a competitive offer for their business. The point is that companies do not need to see your data, they only need to know with complete certainty that you fit a particular profile.

Right now, we have little doubt that the world will evolve towards the general use of such software techniques and business models that employ them. We are by no means the only blockchain company focusing on this.

Back To The Facebook Debacle

The dodge Cambridge Analytica pulled on Facebook to harvest a huge personal data resource was not original. Other Facebook app builders with different motivations have reportedly pulled the same trick. US citizens have never previously cared much about data rights — but they do now. Go to twitter and search on #Deletefacebook to get a sense of this. And, late to the party but sure to turn up, US politicians are now beginning to discuss legislation on Data Rights.

The beginning of the end for Facebook? Maybe.

Robin Bloor Ph D. is the Technology Evangelist for Permission.io, author of The “Common Sense” of Crypto Currency, cofounder of The Bloor Group and webmaster of TheDataRightsofMan.com.