‘Oh dear, yet another article about Facebook and data leaking’, you may wonder. Is there really anything new to add to the deluge of articles on this topic? Being involved in Privacy Impact Assessment (PIA), we think there is. First off, we actually find it too much of a coincidence that the fuss about Mark Z and friends has surfaced a few weeks before ‘G-day’. Moreover, there are lessons to be learnt for your company as well.
Questionable timing
What strikes us most is the apparent indifference Facebook has shown in response to the allegations so far. Is it because they have become immune to being sanctioned, as this is almost as common for them as it is for you and us to pay our bills? After all, there is Spain, which recently imposed a fine of a little over 1 million euros on the grounds of a privacy breach. And then there is Brazil, which penalised Facebook with another 27 million euros for not cooperating in an investigation into alleged corruption. The EU itself wasn’t too pleased with the company disregarding promises made earlier not to link gathered data to WhatsApp accounts. Another 110 million euros went down the drain. However, these sanctions can be considered a mere tip compared to the sanctions that can be imposed after 25 May 2018, which makes the timing of the current breach more than a little questionable.
Planet, People, Profit, Protection?
We wonder what would have happened if Facebook and Cambridge Analytica had been exposed in a month or two. Companies preparing for GDPR may be inclined to take the same casual attitude, anticipating that the EU will investigate the ‘big guys’ first or expecting to get away with it altogether. If so, the number of companies that are ready for the regulations, which at this moment remains stuck at around 15 to 20%, will take a while to start picking up. There is, however, another way of looking at things. After all, isn’t compliance with GDPR simply a matter of CSR or, in other words, Planet, People, Profit and Protection (of personal data)? With all the reporting that is being done on CSR, data protection only seems the next logical step. Why limit transparency to matters like carbon dioxide emissions and HR policies when it should actually also apply to safeguarding people’s privacy interests?
Reputational damage
Like all sustainability measures, it certainly wouldn’t harm your reputation, quite the contrary. Failing to do so, however, would, as Facebook is experiencing now more than ever. Many thousands of users are cancelling their accounts and Facebook’s net worth has seen better days. In this particular case this is a little unfair, as many Facebook users expose a lot of themselves on Facebook of their own free will anyway. Hence the company name. However, none of us are Facebook, nor would we like to be, especially now. So, will it be CSR or CSI (Corporate Social Irresponsibility)? The choice is yours.