EU to investigate Facebook and Cambridge Analytica data misuse

The UK and Europe want to know if their citizens' privacy was violated along with that of their US Facebook friends.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
4 min read
Social Media Data Security

The EU wants to know if its citizens' rights were violated by social media platforms.


Millions of US voters had their Facebook data exploited by consultants working for Donald Trump's presidential campaign, according to news reports this weekend. But the fallout from the revelations extends far and wide beyond US borders.

The EU will investigate whether the privacy rights of European citizens have been violated by social media companies that may have shared their data illegally, said President of the European Parliament Antonio Tajani on Monday.

"Allegations of misuse of Facebook user data is an unacceptable violation of our citizens' privacy rights," said Tajani on Twitter.

Tajani's comments follow three days of news reports about the activities of Cambridge Analytica, a UK-based company best known for working on President Trump's 2016 election campaign. The company took advantage of data harvested from Facebook accounts in order to build psychological profiles of voters that they could then target with ads, according to reports by The New York Times and Guardian.

According to former Cambridge Analytica employee-turned-whistleblower Chris Wylie, a University of Cambridge researcher named Aleksandr Kogan harvested the data through a personality quiz developed by his own company General Science Research (GSR), Facebook said. GSR extracted data about Facebook users who took part in the quiz -- as well as data about their friends -- and passed it on to Cambridge Analytica. GSR paid around 270,000 people to take the quiz, but in doing so managed to access the profile information of over 50 million Facebook users, the Times reported. 

Facebook changed the rules about app developers being able to access the data belonging to users' friends in 2015. Prior to this, developers would have been able to harvest this data legitimately, meaning that profile information belonging to EU citizens could have been scooped up along with data belonging to their US Facebook friends.

The EU has much stricter privacy and data protection laws than the US, and they are about to get even stricter with the introduction of the Europe-wide General Data Protection Regulation (GDPR) this May. European privacy laws apply to all companies operating within Europe, no matter where they are based, giving US social media companies a strict set of rules to abide by. Even under current laws, misuse of citizen data can result in massive fines for the companies responsible.

Along with the European Parliament, EU Justice Commissioner Věra Jourová‏ also said she would be seeking to discuss the reports with Facebook when she visits the US government this week.

"Horrifying, if confirmed," she said about the reports in a tweet. "I expect the companies to take more responsibility when handling our personal data."

Meanwhile, in the UK...

In the UK, Cambridge Analytica is already the subject of two ongoing investigations by authorities -- one by the Information Commissioner's Office (ICO), the country's data regulator, and another by the Electoral Commissioner, which is concerned about the role the company may have played in the 2016 Brexit campaign.

"A full understanding of the facts, data flows and data uses is imperative for my ongoing investigation," said Information Commissioner Elizabeth Denham in a statement on Monday. "This includes any new information, statements or evidence that have come to light in recent days.

Cambridge Analytica has also already been questioned as part of a wider Parliamentary investigation into fake news in the UK. The company's CEO, Alexander Nix, told members of Parliament last month that Cambridge Analytica had not received any data from GSR.

"From the evidence that has been published by The Guardian and The Observer this weekend, it seems clear that he has deliberately misled the Committee and Parliament by giving false statements," said Committee Chair Damian Collins in a statement on Sunday. He will contact Nix this week asking him to explain his previous comments and answer further questions, he said.

Collins also accused Facebook both of deliberately avoiding answering questions about Cambridge Analytica and of understating the risk of data being taken and used without users' understanding and consent. Facebook previously provided evidence to the committee at a session in Washington DC in February, but Collins now wants CEO Mark Zuckerberg or another senior executive to answer for the company.

"It is not acceptable that they have previously sent witnesses who seek to avoid asking difficult questions by claiming not to know the answers," said Collins. "We need to hear from people who can speak about Facebook from a position of authority that requires them to know the truth.

"Someone has to take responsibility for this," he added. "It's time for Mark Zuckerberg to stop hiding behind his Facebook page."

Collins is also inviting whistleblower Chris Wylie to appear in front of the committee.

Facebook did not respond to a request for comment.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.