Ten days after the revelation of the Cambridge Analytica scandal, Facebook is still facing a flurry of criticism. Mark Zuckerberg’s mea culpa was a little late, and the social network has just announced a redesign of its mobile interface, supposed to facilitate data control by users.
At the time, a tutorial called “The Basics of Privacy” helped registrants to know what their virtual friends saw of them but also how they interacted with them. That was just the tip of the iceberg. Because the relevant parameter was the “data use policy.” Reading between the lines, we learned that users could have no control over how their data was used for commercial purposes or how they were tracked thanks to the “like” buttons integrated into web pages.
In reality, the significant change in data privacy did not come from the way users control their data, but rather from the way Facebook left data almost self-service through the Social Graph API.
What is social graph API?
In April 2015, Facebook blocked access to the Social Graph API for developers. It is precisely through this programming interface (API) – which allows two utterly independent computer systems to interact – that Cambridge Analytica has had access to the data of 50 million users, plus their Facebook friends.
Before 2015, the social network presented the social graph as its “backbone.” It was full of valuable information about “the people, the connections between Internet users and their interests.” We can imagine it like a spider’s web composed of nodes (users, third-party applications…) and cables connecting them (likes, comments…).
By going through a simple URL, a developer could allow his third-party application to read and collect all this data contained in the social graph. For example, a user playing FarmVille gave access to his data but also to those of his virtual friends.
Redesign of the personal data control interface
The web giant also announced – in a press release almost as short as a tweet – to terminate its contracts with advertising data aggregators such as Acxiom, Datalogix (owned by Oracle), Experian, Transunion or WPP PLC. By exploiting these third-party data, the social network could never be sure that they had been collected with the consent of the Internet users.
Since 2013, Facebook has been collecting third-party data collected by these companies and aggregating it with its user data. Then these cross data were resold to advertisers (merchant sites, brands…) for a more effective advertising targeting. Part of the profits went to the data aggregators.
This initiative was welcomed by Elizabeth Dunham, head of the UK Data Protection Authority. Contacted by TechCrunch, Zuckerberg’s company said it would continue to work with data aggregators for the sole purpose of measuring ad performance on its platform.