Gartner Blog Network


Consumer Privacy In The Age Of Facebook and Cambridge Analytica

by Siddharth (Sid) Deshpande  |  April 20, 2018  |  3 Comments

So – a few weeks ago, Facebook (FB) discloses they knew in 2015 that an app developer (Aleksandr Kogan) had, in a violation of his agreement with FB, shared user data with Cambridge Analytica (CA). Latest estimates are that 87 million users’ data was compromised as a result. Further, FB chose not to disclose this to the affected users until a few weeks ago which was a morally questionable decision. All hell breaks loose and extreme (and totally justified) reactions ensue from regulators, lawmakers and users alike.

This post is inspired by several discussions I have had over the past few weeks with clients, media and just regular consumers worried about their privacy. There are, of course, things that Facebook and regulators need to do to (perhaps the topic for another blog post!) but I want to focus more on the impact on the users.

There is an oft repeated cliché that has found popularity on the ‘interwebs’ these days: “if you are getting something for free, you aren’t the customer, you are the product”. While it is a catchy phrase (and I have been guilty of using it myself on occasion) – it actually oversimplifies a complex issue. The fact is: data is the new currency in the digital world. It isn’t just free platforms and apps that are using your data – paid services also use it to improve their service to you or to engage partners/sell you more stuff. For example looking at LinkedIn’s Privacy Policy, there do not seem to be any special privacy privileges accorded to users of its ‘LinkedIn Premium’ service versus people who use it for free.

To paraphrase George Orwell from the excellent satirical novel Animal Farm: all data are equal, but some data are more equal than others.

So it’s not YOU that is the product, its data about you. Online digital platforms place higher value on certain types of data because they can monetize it better. Data that defines your behavior and preferences can be presumed to be more valuable than static data points like birthdays and gender. Ironically, your behavioral data (location, pages you like, websites you visit etc.) can be analyzed to serve you content that further guides your behavior – sounds pretty creepy right (it is!).  Black Mirror episodes have explored these dystopian scenarios in some detail, so I will not go into those here.

Some excellent Gartner research from my colleagues Meike Escherich and Stephanie Baghdassarian in 2016 (Big Data vs. Privacy — The Rise of the Off Tribe) found that approximately 20% of users in the age groups 18-54 would be willing to share more private information if they were paid to share or would receive a discount on a service. I would presume this percentage would have increased between then and now. Pretty ironic that this is exactly how the now infamous Aleksandr Kogan got access to sensitive user data – by paying them to sign up for a personality quiz app called ‘This Is Your Digital Life’, ostensibly for research purposes. By the way, the amount was not significant, one report quotes Kogan as saying each participant was paid $3- $4 to use the app.

Alright, I could rant about this forever, but I did want to close out this post by offering some tips and pointers to consumers about security and privacy when using social media platforms:

  1. Consent Matters: Read the terms and conditions very carefully and understand what data is being collected and how it is being shared with third parties. If you are not comfortable with it, don’t use the platform! Consent is also what FB used as a defence in the early days of the CA scandal – the fact that users accepted the T&Cs at the time meant the onus of responsibility was purportedly on them. Upcoming regulations will mean social media providers need to offer a more easily understandable and simple set of terms and conditions, which will be a welcome change from the ‘legalese’ that most consumers just gloss over.
  2. Privacy vs. Convenience Trade Off: You could choose to be drastic, give up modern civilization and retire to the hills to seek higher truths through meditation (arguably an attractive option for many, yours truly included!), but that is not a practical option for most people. Living in a city, you will most likely rely on technology in small or large measure. Modern technology you can bring great conveniences to your life but you need to pick and choose where you share data, how much you share and whether the benefit in return is worth it. Also, it is a good idea to remind yourself that anything you share on a public platform is probably being used in some way that you don’t know. So, discretion is the better part of valour
  1. Review App Permissions and Default Settings: Ensure the apps that you are installing on Facebook (or other platforms) or on your mobile device actually need the permissions they are asking for to perform the functions they claim. If a ‘news aggregator’ app asks for access to your photos and videos on Facebook, don’t install it. Further, always go into the default privacy settings of a platform or app and choose the privacy options that you are comfortable with. New regulations are expected to mandate more granularity here so you can actually exercise more control.
  1. Healthy Paranoia: We trust technology a lot because it is passive. It is important to apply the same principles of trust that we do in the real world, in the digital world as well. For example, if you are walking down the street and someone walks and asks you the name of your first pet, you would probably laugh them off. However, when a quiz app on Facebook asks you a similar question to ‘unlock’ the next level – many (if not most) users would blindly answer the question. These innocuous questions are often the ‘secret questions’ to reset your password for online platforms. This type of data harvesting has been recently written about by Brian Krebs here.

I am sure there are other things I have missed or not addressed in this post so please feel free to discuss or rant in the comments section below J

Finally, and on a lighter note, perhaps we should all go outside more often and spend less time on social media. More importantly, some members of society would do well to not be on the phone AND be outside at the same time (e.g. walking down the footpath) – that can have some actual physical security implications (involving lampposts and bruised foreheads) that do not need a blog post to describe J

Category: 

Sid Deshpande
Principal Research Analyst
8 years at Gartner
13 years IT Industry

Siddharth Deshpande is a Research Director covering security infrastructure and services. Read Full Bio


Thoughts on Consumer Privacy In The Age Of Facebook and Cambridge Analytica


  1. BM says:

    Excellent! Would LOVE to read more!

  2. Amol Inamdar says:

    Crisp and lucid – well written!

  3. Excellent, liked the Black Mirror reference. Black Mirror alone would be more effective than any other measure today :)



Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.