Data scandal: Facebook is not credible - and the EU is too lax

display

Go on, there is nothing to see here.

With this tactic, Facebook is currently trying to downplay an enormous data leak.

Personal information from 533 million users from 106 countries has been available free of charge on the Internet since the beginning of April, including telephone numbers, full user names, e-mail addresses, birthdays and locations.

Criminals are said to have obtained the data via automated queries on the platform and exploited weaknesses on the site.

They got hold of sensitive data that cyber criminals can exploit in a variety of ways - but Facebook disregards it as if the security problem were a mishap of the past that is no longer relevant.

A spokeswoman for the company wrote on Twitter that it was "old data" that had already been reported.

The problem was also found and resolved in August 2019.

In fact, there have already been so many data scandals on the social network that there is a risk of losing track of things.

One data scandal follows the next

In spring 2018, Whistlebower made public that the British company Cambridge Analytica had used illegally acquired data from 87 million Facebook users for campaign advertising.

About a year later it became known that app partners of the platform had stored 540 million data records on publicly accessible servers.

In September 2019 it emerged that data from profiles could again be accessed openly on the network.

Around 419 million users are said to have been affected.

The list of known cases goes on.

It is currently absolutely unclear whether the current data came from one of these incidents and whether the data records were supplemented.

Mainly because Facebook is backing off again.

The company is currently not helping to clarify this point.

display

And otherwise the social network does not excel with the will to enlighten.

As things currently stand, Facebook does not intend to warn the affected users.

You are not sure whether you have an overview of whose data has been tapped - even though the leak has been known for more than a year and a half.

According to the company, the data is already public, and users cannot do anything anyway.

At best, this attitude can be called cynical.

In the worst case, negligent.

Much of the supposedly so old data may still be up to date.

How often do you change your email address or mobile phone number, not to mention your date of birth?

Criminals can do anything with this information, from harassment to identity theft.

Police authorities in various countries are also warning of scams via SMS, which are said to have occurred more frequently across the country in recent weeks.

In the messages, the recipients are informed of a package delivery.

Those affected should be enticed to click on a link for further information - and thus download malware.

If Facebook were to warn its users specifically, they would not be able to reverse the data leak, but at least they would be made aware of the dangers to which they were exposed.

In a blog entry from April 6th, however, the company only indicates that users should check the settings options to see what information they want to make public about themselves.

For the most part, Facebook is simply shifting the responsibility onto the users.

Facebook has a legal obligation

display

Correctly so, even Facebook critics might think, after all, users give their data voluntarily to the company that has at least a dubious reputation when it comes to protecting privacy.

But anyone who argues like this releases Facebook from its duty.

Every user has the right to disclose their data en masse to platforms and still be able to expect that they adhere to data protection.

After all, you can eat unhealthy fast food on a regular basis and still expect not to get food poisoning.

Facebook is by no means only morally obliged to deal transparently with the data leak, but also legally.

In July 2019, the US regulator FTC fined Facebook $ 5 billion for data breaches.

Since then, the platform in the USA has also been obliged to report data protection violations within 30 days if more than 500 users are affected.

And in the European Union, too, since the introduction of the General Data Protection Regulation (GDPR) in 2018, the company has had to report such cases within 72 hours.

When Facebook emphasizes that it is an old, longest known leak about which the affected users could not be specifically informed, this is simply a question of money for the social network.

And that's exactly where the supervisory authorities in Europe should finally work harder.

display

The current case could be an opportunity, especially for the EU, to show how serious it really is to hold tech companies accountable.

Mind you - could.

Because the EU has, rightly, the much-vaunted reputation of drawing up pioneering laws for protecting the privacy of users.

But with their enforcement against the data monopoly, to put it mildly, there is still a major problem: Since Facebook has its EU branch in Ireland, the Irish data protection authority has a leading role in investigations against the company.

But she only seems to do it in a very tame way.

Non-governmental organizations, EU parliamentarians and various European data protectionists complain that the agency is working too slowly and hesitantly.

It was only in mid-March that the Federal Data Protection Commissioner Ulrich Kelber complained in a letter.

Since the introduction of the GDPR, his authority has submitted more than 50 complaints to the Irish about Facebook's subsidiary WhatsApp alone.

None has been completed so far.

In the current case, the Irish authority has at least asked Facebook and announced an investigation.

But if the authority continues as before, Facebook does not have much to fear.