Find a law review article in the library concerning ethics, privacy law, and cybersecurity;
Use the IRAC method (Issue, Rule, Analysis and Conclusion) to analyze your selected law review article, especially with regard to how the public may be adversely affected by your topic.
Issue
Recently, it has come under the news that personal details of more than 50 million users of Facebook had been leaked to one of the companies named Cambridge Analytica. It was a UK based political analytics provider. The whole issue started when Aleksandr Kogan, a professor of the University Of Cambridge University was collecting data in respect to Facebook users and after the research; he developed a mobile application named “This is your digital life”. This app allowed Cambridge Analytica to collect the information of Facebook users. Later on, the collective information was used in an adverse manner[1] (Batra, 2018).
Cambridge Analytica used this information in favor of Donald Trump who was a then-the presidential candidate. This incident was reported as a data breach[2] (Badshah, 2018). In reply to the issue, the Deputy Counsel of Facebook stated that it is not a case of a data breach. He held the allegation false and in his clarification, he had stated that people who have used the application developed by Kogan have provided their individual consent for the access of their personal information and Facebook was not on failure as no password has been asked the by the application named This is your digital life (TIYDL). It was not an illegal act as people have consented and given the approval of access to their personal information through Facebook.
However, the deputy counsel had denied the presence of data breach from the side of Facebook, yet to say that people who have consented to TIYDL were not aware that their personal information could be shared with a third party. Even this app accessed the information of the friends of those who have consented. Hence, in an indirect manner, it was a breach of data privacy at the end of Facebook.
Privacy of individuals is a concern for the nation. Every company has certain laws on the topic of privacy, which are well known as privacy law. In the US, the Department of Homeland Security is there that develops various programs and policies in the nation[3]. Similarly, in EU law, there are many provisions in the different areas of privacy law. GDPR is one of them. GDPR refers to General Data Protection Regulation. It is a kind of privacy law that works in the area of data protection and cybersecurity and the parliament of EU has approved this regulation in the year 2016. The same has been enforced with effect from 25 May 2018. Before this regulation, the Data Protection Directive 95/46/EC was there to provide guidance on the matter of data security[4] (eugdpr.org, 2018).
US privacy system allows the injured parties to bring a legal action in against of the guilty parties who involves in the breach of privacy. However, to bring a legal action, such an act of a guilty party must be “unfair or deceptive.” Under the Privacy Act[5] , some rules are defined for dealing with data security issues. For the different area of concern, different privacy laws are there in the US. There is no single federal legislation related to the subject of privacy. Freedom of expression provided by the first amendment is also a related topic to study. It has been interpreted in such a manner that it becomes necessary for the companies to provide all the basic information related to data used to the respective individuals. All the countries are continuously focusing on the topic of cyber security as it can lead to a very dangerous impact on individuals.
Rules
Section 5 of the Federal Trade Commission Act prohibits the companies to do any deceptive or unfair act while conducting some specific activities such as behavioral tracking, data security, privacy information, online advertising and so on[6]. In addition to federal law, may state laws are also there that provide the rules related to cybersecurity and data protection. EU–US Privacy Shield is a law that provides a manner of data transfer from EU to the US[7]. All these privacy laws demands that a company must be careful while dealing with the personal data of individual and the issue becomes more crucial when it comes to the transfer. Applying the provisions of Section 5 of the Federal Trade Commission Act, this can be stated that even Facebook also provide son information to the users that the same is going to share which information with which the third party.
If review the aforementioned issue from the viewpoint of privacy law, this is to state that Facebook being a significant social media, needed to be careful in this case. In addition to Facebook, the more involved guilty was Cambridge Analytica. Being a data collector and processor company, the same might be aware of their duties. It was also not right from the viewpoints of ethics as the incident involved a case of heavy data breach and the affected people were 50 million in number. GDPR has been effective in May 2018 whereas the issue discussed above has happened in March 2018. That time Data Protection Directive 95/46/EC was there that was required to be followed by the company.
Facebook on the other side was required to follow several privacy laws of the nation. As the company has a lot of personal data of individuals, in this situation, it was the responsibility of the company to keep the information private. Facebook failed to provide the required level of privacy to the company. Facebook and Cambridge Analytica were also required to review EU–US Privacy Shield and in this manner, there was a serious breach of privacy law of both the nation as well as of ethical principles.
Conclusion
As discussed earlier, Cambridge Analytica has used the information of several Facebook users in an adverse manner without their permission. To conclude the issue, this is to state that both of this company did not only breach privacy law and committed cybersecurity but also breached the ethical principles. The case provided a lesson to social media companies like Facebook and data collector and processor like Cambridge Analytica that how carefully, the cases of data security breaches should be entertained, and how dangerous impact such cases can lead.
Legislations
Privacy Act 1974
Other Resources
Alan Charles Raul, The Privacy, Data Protection And Cybersecurity Law Review (2018) < https://thelawreviews.co.uk//digital_assets/25776d4c-702f-41bb-82a0-cb3e18240506/Privacy.pdf>.
DK Batra, What the Facebook-Cambridge Analytica Data Leak Teaches us About Ethics And Privacy (2018) https://www.entrepreneur.com/article/313110>.
eugdpr.org, The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years (2018) < https://eugdpr.org/>.
federalreserve.gov, Federal Trade Commission Act Section 5: Unfair or Deceptive Acts or Practices (2018) < https://www.federalreserve.gov/boarddocs/supmanual/cch/ftca.pdf>.
Homeland Security, Cybersecurity and Privacy (2018) < https://www.dhs.gov/cybersecurity-and-privacy>.
Nadeem Badshah, Facebook to contact 87 million users affected by data breach (2018) <https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach>.
[1] DK Batra, What the Facebook-Cambridge Analytica Data Leak Teaches us About Ethics And Privacy (2018) <https://www.entrepreneur.com/article/313110>
[2] Nadeem Badshah, Facebook to contact 87 million users affected by data breach (2018) <https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach>.
[3] Homeland Security, Cybersecurity and Privacy (2018) < https://www.dhs.gov/cybersecurity-and-privacy>.
[4] eugdpr.org, The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years (2018) < https://eugdpr.org/>.
[5] Privacy Act 1974
[6] federalreserve.gov, Federal Trade Commission Act Section 5: Unfair or Deceptive Acts or Practices (2018) < https://www.federalreserve.gov/boarddocs/supmanual/cch/ftca.pdf>.
[7] Alan Charles Raul, The Privacy, Data Protection And Cybersecurity Law Review (2018) < https://thelawreviews.co.uk//digital_assets/25776d4c-702f-41bb-82a0-cb3e18240506/Privacy.pdf>.
