Europe’s top data protection official has warned that Facebook’s Cambridge Analytica crisis is just the “tip of an iceberg” when it comes to scandals involving people’s personal information.
As Facebook CEO Mark Zuckerberg prepares for a showdown with EU lawmakers on Tuesday, the European Data Protection Supervisor expects other breaches to emerge after 87 million users had their Facebook profile scraped and used in targeted political advertising by Cambridge Analytica.
Giovanni Buttarelli is responsible for helping enforce data protection laws across the EU. His office works with European member states to help them interpret regulation and protect consumers.
“Cambridge Analytica is the tip of an iceberg. You have seen news of other personality tests and also about the 200 apps suspended by Facebook,” Buttarelli told Business Insider.
Buttarelli was referring to the myPersonality test, a University of Cambridge app that was revealed last week to have collected the data of around three million Facebook users. The app was one of 200 suspended by Facebook last week, as it investigates thousands of other potential data scares.
Buttarelli said Facebook’s open relationship with data researchers, who were used to improve and refine the platform according to academics involved, meant that the Cambridge Analytica scandal was no accident.
He said: “It was not by chance, it was not a data leak, it was not a breach of contract, but actually the result of a standard and later on a predominant business model.”
Business Insider has contacted Facebook for comment. Zuckerberg is expected to apologise to European users during his EU Parliament hearing on Tuesday, according to written testimony seen by The New York Times and others.
“Whether it’s fake news, foreign interference in elections or developers misusing people’s information, we didn’t take a broad enough view of our responsibilities,” Zuckerberg is expected to say. “That was a mistake, and I’m sorry.”
Under the new EU General Data Protection Regulation (GDPR), which comes into force this week, Facebook and other tech companies could be fined up to 4% of their global revenue for privacy breaches. For Facebook, this could mean a fine of more than $1.5 billion (£1.1 billion).
GDPR must restore user trust
Buttarelli said it was difficult to determine whether the Cambridge Analytica breach, which took place in 2015, would have left Facebook vulnerable to a hefty penalty. He said the matter is still being investigated and would depend on a number of factors.
“To apply a fine: Is this a negligence, is this tolerance, is this complicity? Different conclusions may be raised depending on the period to be analysed. It’s a retrospective analogy,” he said.
The European Data Protection Supervisor added that it is important for companies like Facebook to comply with GDPR to restore trust among users — and that May 25, when the law comes into force, is just the starting point.
“I’m afraid that some of them are underestimating the lack of trust among consumers. I’m not referring to the #deleteFacebook, or the stock exchange effect, but I’m talking about the sense of depression in many users and consumers,” Buttarelli explained.
Trust in Facebook plummeted after the Cambridge Analytica scandal hit in mid-March, but data last week showed that Facebook usage actually increased in April. It suggests that the Facebook backlash never fully arrived.