It’s 10PM, do you know where your Facebook [user] data is?
Facebook: What went wrong?
A psychology professor named Aleksandr Kogan was paid by Cambridge Analytica to create a personality app to aggregate data from Facebook users. Research performed by a separate researcher Michal Kosinski, indicated that Facebook ‘likes’ indicate a significant deal about a person. Cambridge Analytics was interested in harvesting this data and using it for personalized persuasive ads. The personality app required users to log in to Facebook to take a personality quiz. Once logged in, the app accessed all profile data, including what the person ‘liked.’ 270,000 users took the quiz. However, Facebook’s API’s allowed the app to collect information about each of those user’s friends, ultimately enabling the harvesting of about 50 million Facebook users.
But there’s more
When people downloaded their Facebook data and reviewed at it, they noticed phone call and text message records were included in the data – recipients and initiators of calls and texts, timestamps, and length of phone calls. These calls weren’t made using Facebook or Messenger – they were made on the phone that the messaging app or a lighter version of its main Facebook app was downloaded on.
It turns out, Facebook stores call and message metadata on some Android phones – data about the calls and messages without ever notifying the user; this includes who the call or message is exchanged with, the time calls are made or received or messages are sent or received, and length of calls. While Facebook claims the app requests user consent to sharing address book and contacts, what is missing is clear, precise notification on the nature of data and metadata collected, as well as consent from the person on the other side of the call or message.
Expectations of Privacy and Security: User Data