It has only been a giddy three months since the Cambridge Analytica Files were released to the public. Since then, we’ve been privy to what has felt like a decades-worth of catch-up from regulatory and governmental bodies, with GDPR reshaping our privacy laws in a variety of new and exciting ways, while causing a headache for pretty much everybody.
In tandem, Zuckerberg’s infuriatingly tepid appearances before EU and US legislators and the ongoing political fallout from this whole affair looks set to keep us occupied, if not entertained, for months, maybe even years, to come.
With our placid approach to user’s rights and privacy now seemingly at an end, it seems as if data activists are finally making progress, not just within national/supranational governments, but with grassroots activists and watchdogs as well.
The Belgian consumer protection non-profit Test-Achats has announced its intention to file claims against Facebook, in tandem with its sister organisations in Italy, Portugal and Spain. The core of the claim is the belief that Facebook has violated privacy and consumer protection laws; through the non-consensual sharing of data with Cambridge Analytica. They seek “at least” €200 per user in compensation.
This isn’t the only suit lumbering towards Facebook. Austrian privacy campaigner Max Scrhems has filed a series of multi-billion-euro complaints against Facebook, its subsidiaries WhatsApp and Instagram, and Google. His claim is that the companies are using “forced consent” to get users to agree to the companies’ updated privacy policies. He cites several examples, such as Facebook blocking the accounts that did not consent to the new policies, which seem to violate the “yes or no” option underlined in GDPR.
A similar approach is being used by grassroots group Google You Owe Us, who are suing Google over data-collection. The group is arguing that Alphabet Inc. - Google’s parent company - unlawfully collected people’s personal information by bypassing the default privacy settings on iPhones between August 2011 and February 2012, in order to divide people into categories for advertisers. If they succeed, their claims could amount to a payout of up to $4.29 billion.
If these lawsuits are successful, it would signal a major turnaround in both how the law treats these companies, and how it values the user. This is especially true for the cases lodged by Test-Achats and Google You Owe Us. By approving individual claims, it would actively enforce the connection between ones data and the intrinsic value that comes with it, likely leading to greater restrictions on how companies can and cannot use your data.
GDPR’s punishments carry a great deal of financial and political power. If a company is found to be in violation of these laws, they can face fines of up to 4 per cent of their global revenue. In Facebook’s case, this would amount to a payout of $1.6 billion. £500,000 is but a drop in the ocean to them.
Nonetheless, whether the maximum possible fine could actually be levied is, again, difficult to judge. GDPR’s framing of these fines is vague at best, owing in part to the question of how much these breaches actively harmed the individual. With Cambridge Analytica, data was taken from Facebook to be used for political targeting without the knowledge or approval of its users. How much this led to direct harm is difficulty to say, in part because it is nigh-impossible to decipher how big an impact it had on the election of Donald Trump. The same problem with vagueness can be applied to the other cases. Companies such as Facebook and Google have a history of vague privacy policies, that have often allowed them to emerge unscathed.
Other initiatives are taking a different route. In Amsterdam, the march to reclaim data, the Dutch PvdA (Labour Party) MEP Paul Tang launched the ‘Datavakbond.’ This “data labour union” aims to negotiate directly with companies such as Facebook and Google over what they do with user’s data.
The list of potential demands range from payment for the data that users have surrendered to companies to use their services, a direct channel through which to discuss their grievances, or simply more information about how their data is being used.
The idea of a ‘data labour union’ derives primarily from how people like Tang see social media. Instead of being user’s on a casual basis, they are, in fact, the workers, handing over vast quantities of data to participate in what has become known as Surveillance Capitalism.
In turn, the city’s Economic Board has, in turn, initiated a ’Data Disclosed’ manifesto to guide the ethical use of citizen’s data. The Tada! City manifesto aims to give more control to citizens when designing their ‘digital city,’ insisting upon a “transparent” use of data “so all citizens can benefit.” So far, thirty-two companies have signed.
Amsterdam is also playing a major role in the development of the DECODE (Decentralised Citizen Owned Data Ecosystem) Project, an initiative from the European Commission. The Project is designed to create new tools to allow EU citizens to decide whether to share personal information or keep it private, and who can be privy.
Pilot schemes are currently being trialled in collaboration with the city’s Waag Society, whilst another set of pilots in Barcelona are working on specifying which particular cases the initiative should focus on.
These initiatives are designed more around steadily shifting our approach to new technologies and big data firms, such as Facebook, whilst trying to educate individuals on how they can become empowered and take control of how their own data is used. By approaching it from how we first approach tech, as opposed to the consequences of using it, these initiatives will hopefully yield a strong set of long-term changes, and breed a greater awareness of big data concerns.
In turn, the potential to create a general public that is aware and able to identify issues with data ethics and data misuse, is an exciting one, and will likely be necessary in years to come, when more and more information and processes move online, particularly when it comes to health. It may also encourage a move towards the concept of a municipal internet; community/city-based services and broadband networks that allow people a greater say in how their online activities are used and monitored.
However, in spite of new advances in digital culture and the success of court cases, it remains necessary for the law to properly understand and accommodate big data; recognising the value of personal information, how it can be misused, and how to protect it. Whether this is through greater state regulation, tougher antitrust laws, or simply by redesigning social media’s architecture remains to be seen.