Tom Scott-Redford


Something has been bugging me about the whole mess around Facebook and Cambridge Analytica. Don’t get me wrong, both companies have stretched the boundaries of what it is OK to do with personal data. But it is, unfortunately, unsurprising that so many people don’t seem to care about what information they give out to online services.

#deletefacebook might be a thing on Twitter just now (#irony?), but I sincerely doubt that any significant numbers of people are going to abandon the service. What is the alternative for general-purpose social networking? Google+?

I came across a fascinating 8-day programme to do a ‘digital detox’ co-promoted by Mozilla. It takes users through a bite-size set of steps to learn about how their data is used online, and teach them how to control that data. Theoretically, it’s great! Engaged and rational citizens can take back control of their sensitive personal information, and make informed decisions about what to share in the future.

But what about the users who don’t engage? It is tempting to say that they should just suffer the consequences of their disengagement. If you don’t care what happens to your personal data, then you don’t care if it gets misused. A tempting way to feed a little smug self-satisfaction? But there are lots of reasons that people might not engage with things like a ‘data detox’. Lack of time, lack of understanding of the significance of personal data, not knowing that tools like it exist.

The transfer of data to Cambridge Analytica, and what they subsequently did with that data is, perhaps, not the most interesting part of this whole story. To me, it was how that data was collected in the first place. I’m not going to say anything about the academic who facilitated the collection. I listened to his interview with the BBC, and you should too. But the speed with which his dataset expanded is down to the fact that users gave him, not just their own data, but also the data of their friends.

Like vaccination or phishing, one ignorant person can compromise the security and safety of many others. Engaging in protecting personal information isn’t something that can be an optional extra. It’s a responsibility that everyone has.

I work in communications and PR, and, like most other people working in the industry, getting ready for the EU’s new data protection rules (the GDPR) has occupied a lot of my time lately. A lot of fellow public relations ’practitioners’ (professionalism means funny ways of describing what we do) seem to view GDPR as a nuisance. Sure, it is a bit of a hassle to prepare, and the odd marketing list might need to be tossed on the bonfire, but personally, I can’t wait.

GDPR is a chance to make people pay attention to how their data is used. It might become as annoying as a cookie notice, but at least the topic of how our personal data is used might just come to the fore a little more often.

The views expressed in this post are mine alone, and do not reflect the views of any organisations I am affiliated with.