• by Sean Hargrave , Staff Writer, May 3, 2018

What a week for privacy. We started it with both Facebook and Cambridge Analytica pointing out they had done nothing intrinsically wrong. Zuckerberg said they had let people down, but it was someone else who had used the data, and CA said they hadn't done a thing, and had no idea what the fuss was about.

We approach the end of the week with both still protesting their innocence. Only Cambridge Analytica has now wound down and Facebook has done the one thing left for a social media platform that fears it has abused and so lost the trust of the public. When you stand accused of betraying trust and prying into sensitive data the next step is obvious -- open a dating site. 

However, for me, this is not now the question of the day. There has undoubtedly been some dodgy data dealing somewhere along the line with CA. People signed up to a personality test and ended up having their data sold to a company that claims to have used the information to swing the election for Trump. Quite how much of a difference it made, I'm not so sure.

As far as Facebook goes, it's already a dating site, isn't it? I know female friends are quite shocked that certainly some men seem to think that's what it is, anyway. People talk tough on Facebook, but actually deleting accounts -- I'm just not seeing it. Users love the site and have just enough outrage to post something about privacy, just as they then go back to finding out which "Game of Thrones" star they truly are.

For me, the issue of the day lies the other side of the pond with AggregateIQ. Certainly a journalist was on television this morning claiming to have evidence the companies may have worked together or were linked together in some way. The same journalist made the point that the CA guys had already set up a new business anyway, so expect them to be opening shop soon under a different brand name.

The issue with AggregateIQ is that it underlines the complexity of modern digital marketing and political messaging. The evidence seems clear that it worked with several Leave groups to target political ads at people the campaigners wanted to win over. Again, there are question marks as to how they got the data. I'm quick to point out that if they were selling cans of tuna and used data that well, they would be winning awards. As it is, they helped deliver a vote that many of us in the UK are still struggling to come to terms with.

So there's a question mark over exactly what the Canadian company did and exactly how legal its use of data was. The main point, of course, is that it isn't based in the UK, like CA. This has enabled it to avoid helping the ICO's investigation in any meaningful way. The Information Commissioner recently went on record to say that despite what had been claimed, AggregateIQ was not helping its investigation as it claimed and it was seeking legal advice on bringing them to book.

One can almost see the smiles from Canada all the way over here in London. "Good luck with that" is almost certainly what AggregateIQ is thinking. They are over there, operating through Facebook Inc, while over in the UK we have us voters, the Leave campaigners and the ICO. 

This, to me, is the issue of the day. Is it possible for a third party to do what they like with data in another jurisdiction with looser privacy rules than our own? The current situation would appear to suggest that is exactly the case. 

Will GDPR improve this? In theory, yes, because political opinions are protected as being sensitive data and can only be processed with explicit permission. However, the current situation makes you think. What powers does our ICO have outside the UK? How enforceable is GDPR outside the EU?

Closures and dating site launches aside, that is the issue of the day for me.