WATERLOO REGION — As Facebook CEO Mark Zuckerberg was preparing to testify before U.S. lawmakers in Washington this week, Karolina Godwinska was taking a hard look at the apps causing widespread outrage with the social media giant.

"I don't think I have ever used most of these," Godwinska says as she looks at the 37 apps on her Facebook account. "I didn't even know that most of these apps had access to my Facebook."

Godwinska is a first-year kinesiology student at the University of Waterloo. She's had a Facebook account since Grade 8 and uses it mostly to stay in touch with family in Europe.

The apps access her name, age, gender, profile picture, friend list and whole lot more. It is alleged that data mining firm Cambridge Analytica used personal data like that from an estimated 87 million Facebook accounts to influence elections in the United Kingdom, the United States, Nigeria and elsewhere.

"I use Pinterest. I used to use Candy Crush. Crosswords, I think I used that once. I used this, PicMonkey, when I was younger, it is for picture editing," Godwinska says as she scrolls through the apps, most of which she did not recognize.

There is an app she downloaded, but never used, for mapping fitness runs. That app still accesses her personal data as it sits there unused. There is one for free Wi-Fi in Toronto, which accesses her birthday, current city and email address, among other information.

"Why does Toronto Wi-Fi need my birthday or where I currently live?" says Godwinska. "That's crazy. Is there any way to control it or turn it off."

Yes, is the short answer, says Aimée Morrison, a UW English and literature professor, specializing in computer technologies, digital media and multimedia. She urges Facebook users to delete the apps.

"Whatever information they already have on you they get to retain, but they can not come back and get any more about you," she says.

There is a blue bar along the top of a Facebook account. On the far right side of that bar is a triangle. Click on it, scroll down and select "Settings." That takes you to the page called "General Account Settings." Go to the left side of the screen, and click on "Apps and Websites."

From there you can delete apps, or restrict some of the information they can access. Facebook users can also download all of the data Facebook has collected on you.

"A lot of people have clicked on a lot of things over the years and they will have literally 60 of these third-party apps," says Morrison.

Usually, personal information is sold to advertisers, who target ads at you based on your interests. But that kind of surveillance capitalism shades into nefarious political manipulation when Cambridge Analytica created fake accounts and propaganda during elections, says Morrison.

"It was precisely one of these third-party apps that was collecting personal information for Cambridge Analytica," she says.

With about two billion accounts, and 1.2 billion active users, Facebook is among five corporations that dominate the internet, along with Google, Amazon, Apple and Microsoft.

Federal and provincial privacy commissioners in Canada should have access to all the data Facebook collects on individuals to protect the users and the integrity of elections, says Jennifer Whitson, a professor of sociology and legal studies at UW, who specializes in surveillance studies.

"This is going to be the new battlefield over privacy," she says.

Consent forms and user agreements drafted by companies such as Facebook are ridiculously complex and change every few months, so it unfair to put the onus on individual users, she says.

The European Union has new legislation called the General Data Protection Regulation or GDPR that comes into effect May 25 and will fundamentally change how corporations such as Facebook use personal data.

Proper consent must be obtained from users before data is collected, and when individuals ask a corporation to delete all of the data it holds on them, the company must comply, Whitson says. "You have the right to be forgotten."

The European legislation calls for huge fines — 10 million euros or two per cent of the previous year's annual revenue, whichever is higher.

"It is beautiful," says Whitson.

The Canadian Civil Liberties Association has called for tighter regulations around the collection and use of personal data by corporations. In short, the association says personal information should only be collected when it is essential to providing the services the company offers.

Before companies collect it, keep it or sell it, "they have to ask themselves: Is it needed for the service they are providing to consumers?," says Brenda McPhail, director of the association's Privacy, Technology and Surveillance Project.

"That would help, that's a big one."

There needs to be more transparency in user agreements, too, says McPhail.

"Right now you have a one-click-agrees-to-all model," she says. "Take it or leave it, if you want to use our service you will let us do whatever we want."

Loading... Loading... Loading... Loading... Loading... Loading...

Privacy commissioners should also be given powers of enforcement, McPhail says. Currently, commissioners can do little more than make public breaches of privacy.

"We need to make sure there are teeth to the law," she says. "We need to have our privacy watchdog administer consequences to those violating our rights."

A more targeted approach to regulating how Facebook uses personal data was developed by Robert Kerton, a professor of economics at UW. He is the lead researcher on a project involving six universities and the four largest consumer protection organizations in Canada.

"It is naïve to think Mr. Zuckerberg wants us to select security settings because if we do that, it decreases the value of the rich trove of personal information Facebook can sell," says Kerton, former president of the American Council of Consumer Interests, an international association of researchers and policy experts working on consumer issues.

"Instead, we should allow users to opt in to sharing private details for a small fee. A modification of this business model is an offer to click 'Share' or 'Don't share' each time a user provides personal information," he says.

Or Facebook could pay individuals for the use of their data by sending them a cheque once a year, says Kerton.

"That is a business model that could work because Facebook would prefer to be able to sell your data."

It's not too late or difficult to regulate how personal data is used by social media platforms, says Kerton.

"Right now, you are sharing all these private details that allow the political manipulation of you," he says. "That's why it is risky. By providing information on your core political and religious beliefs, you are allowing yourself to manipulated by Cambridge Analytica and other users of Facebook."

Zuckerberg met behind closed doors with U.S. legislators on Monday in advance of his appearance in the Senate on Tuesday and a congressional committee on Wednesday.

No matter what he says, many Facebook users already have a new-found wariness about the social media behemoth.

"I don't remember these," Melika Sedaghati says as she looks at third-party apps on her Facebook account. She clicks on a music-related app and sees it has access to her profile picture, friend list, email address and more.

"I actually didn't know they could do this," says Sedaghati, a student in third-year health studies at UW.

Megan Smith is about to graduate from Waterloo with a degree in legal studies and English. She's been using Facebook since Grade 6, and she too was surprised to find so many apps on her account that she has no memory of using.

"That's far too invasive," says Smith.

tpender@therecord.com, Twitter: @PenderRecord

- You have no secrets