Social Media Companies Find New Challenges in Accessing Personal Data

The Wide World Web was once unfettered territory for social media companies. Pioneers that could figure out a way to interpret consumers’ online habits and use that inquisitive data to make money has been by and large, an assumed byproduct of today’s internet age.

But that landscape is quickly changing.

Local campaign disclosure laws and data mining

Earlier this month, after news broke that Facebook and Google may have sold advertising that could indirectly influence voters in recent primaries, Washington State stepped up to the plate. It seems that Washington and Seattle’s laws are broader than those of many other areas of the country, requiring greater disclosure to the public.

Companies must disclose the “exact nature and extent” of advertising they sell that impacts consumers in the state. Cost, advertisers’ information and other details must also be made public when requested. And according to privacy advocates and one recent story by a local publication, data pertaining to local elections were not released by the two companies when asked.

Washington State Attorney General has since announced a lawsuit against the two social media giants, specifically for failing to maintain and disclose “documents and books of account” that detail campaign advertising during the past three years as the law specifies.

The lawsuit is an example of where public entities, armed with the teeth of laws that have been on the books for decades are dusting them off to investigate and regulate newer, global business practices that they say infringe on the rights of residents.

Europe's data protection regulation and social media

But social media businesses are also finding that navigating laws when it comes to accessing personal data is about to get much more complicated, especially if those companies intend to make money from the process.

Privacy advocates in the European Union have been trying for years to impose stricter rules when it comes to social media companies’ data protection methods. In particular, Facebook, Google and its subsidiaries Whatsapp and Instagram have frequently been in the cross hairs of privacy advocates that maintain the companies are designing algorithms to sweep up personal data from a broad spectrum of uses and locations.

On June 1 the EU’s onerous General Data Protection Regulation (GDPR) went into effect with stiff, recurring penalties for companies that violate its requirements.

What makes the GDPR law particularly thorny for big Internet players like Google and Facebook is that its requirements don’t just apply to companies that are located within the EU. It applies to the access that a business not located in France, or Germany or another EU nation has within its borders as well.

According to Max Schrems, an Austrian attorney who has been after Google and Facebook for years for their data mining practices, the two companies are already in violation of EU laws. They could face billions of dollars in fines – as much as 4 percent of their profits each consecutive time the enterprises violate the law.

Adherence to the law means iron-clad user agreements that specify the data the company is gathering and ensures consent. It’s a procedure that companies like Facebook may find hard to adhere to, say experts, who note that the company doesn’t just benefit from traffic on its site but others around the web.

Facebook CEO Mark Zuckerberg has assured the EU Commission that the company intends to adhere to the regulation. One of the company’s answers to the problem involves developing software that allows users to click on and see all the places their data is coming from when it arrives at Facebook. It also may give users the ability to wipe out that data and control such traffic of information.

Whether this will satisfy privacy czars in all EU countries (who independently have the power to investigate and lodge complaints) is yet to be seen.

And makers of mobile phones that draw up agreements that “force” users to reveal personal data in order to use the apparatus they buy (many times with a choice of opting out later) may be skirting the GDPR law as well.

According to Schrems, had laws like the GDPR been in place years ago, the Cambridge Analytica fiasco, in which users found out after the fact that the company was accessing Facebook data, wouldn’t have happened.

“If we enforce [this] properly, we should be able to get a balance in the digitalized age,” Schrems told CNNMoney. “In the end you should be able to use Facebook without worrying 24/7 about your data,” he said.

Flickr image: mkhmarketing (start bloggingonline.com)