Google Prioritizes Privacy Amidst the YouTube Scandal and Facebook Dating Launch
In the wake of the University of Zurich study and current affairs with YouTube’s children’s privacy issues, it is clear that data security is of the utmost importance to protect citizen’s rights and companies from noncompliance fines and scandals. However, today’s standards are minimal and conventional techniques, such as anonymization, are not enough. The issue of reoccurring privacy issues is also evident in Facebook, leaving users questioning what Facebook Dating means for their privacy. In spite of this, alongside the launch of Google’s open-source differential privacy library for companies, there are clear signals that organizations are making data security a priority.
The University of Zurich published a study on September 2, 2019, indicating that they were able to “identify the participants in confidential legal cases, even though such participants had been anonymized.” (Source) Through the combination of AI and big data, researchers were able to de-anonymize the data of 84% of 120,000+ participants in less than one hour. Such demonstrates that “linkage,” or anonymization without consideration of available public information, is not a secure manner to guarantee privacy, and the speed and ease at which these results were obtained sets an alarming precedent. More specifically, this industry-specific case sets the tone that the government’s systems cannot protect the privacy of plaintiffs and defendants, signalling the need for enhanced privacy and automation to prevent classified information from being released.
However, the government is not the only one who’s data security was called into question last week, as Google agrees to pay a record $170 million for illegally harvesting children’s data (Source). On Wednesday, the Federal Trade Commission and New York’s attorney general reached an agreement that the company must pay the fine and improve the children’s privacy protection on YouTube. The repercussions are a direct result of YouTube collecting personal data of children under the age of thirteen without parental permission and targeting them with behavioural ads, in violation of the Children’s Online Privacy Protection Act (COPPA). Part of the settlement indicates that moving forward will require child-directed content to be designated as such and behavioural ads on corresponding content should be prevented. Further, YouTube will not obtain previously shared data without parental consent.
The public is largely displeased with these sanctions, calling them a mere “slap on the wrist,” and some industry professionals have similar beliefs. Jeffery Chester, executive director of the Center for Digital Democracy, reports “It’s the equivalent of a cop pulling somebody over for speeding at 110 miles an hour – and they get off with a warning.” (Source) Such expressions indicate a trend for increased corporate responsibility and legal repercussions for privacy breaches.
Between the University of Zurich study and the ramifications of YouTube’s illegal data gathering reports last week, it is evident that companies should question how well protected their datasets are. Without adequate systems in place, they risk noncompliance fines and a loss of public trust.
This lack of trust follows Facebook, as users question what Facebook Dating will mean for their data in spite of its new privacy and security features (Source). Announced on Thursday, this service is set to roll out across the US to allow users to create a separate dating-specific profile and be matched with other users based on location, indicated preferences, events attended, and groups, amongst other factors. Some of the features include the ability to hide a profile from friends or to share plans with select people. Beyond this, Facebook will offer “Secret Crush” on Instagram, which allows individuals to compile a list of friends they are interested in, and to be matched if the crush also lists them.
This data is likely not as safe as Facebook suggests. Digital strategist, Jason Kelley, states that “If you’re trying to avoid dating services that have red flags, you can’t really find one that has more red flags than Facebook.” (Source) After all, days ago ~200 million Facebook users’ phone numbers were exposed online (Source).
The primary concern, given Facebook’s history of mishandling personal data, is Facebook’s ability to develop a more sophisticated ad profile based on their dating information. This includes “what kinds of people users like, whom they match with, and even how dates go” (Source). Mark Weinstein, a privacy advocate and founder of social network MeWe, even goes so far as to say that “Facebook will use Facebook Dating as a new portal into users’ lives; collecting, targeting, and selling dating history, romantic preferences, emotions, sexual interests, fetishes, everything.” (Source)
An additional concern due to their track record is that while Facebook reports dating profiles will not be connected to their Facebook activity, sensitive information, like sexual orientation, could be at risk of exposure.
The immense cloud of doubt surrounding Facebook is one other organizations hope to avoid, and as a result, there has been an increased focus on privacy protection. Google made this a priority when launching its open-source differential privacy library this week (Source).
With Google’s new library, developers are able to “take this library and build their own tools that can work with aggregate data without revealing personally identifiable information either inside or outside their companies.” (Source) This is a direct result of differential privacy, the most advanced technology to date.
Differential privacy enables the public sharing of information about a dataset while maintaining the confidentiality of individuals in the dataset. Using this method of security, according to Miguel Guevara, a Privacy and Data Protection Product Manager at Google, is vital because “without strong privacy protections, you risk losing the trust of your citizens, customers, and users.” (Source)
Google’s prioritization of privacy through its open-source launch signals that improved privacy protection is expected in today’s market. Such corroborates the needs outlined in the University of Zurich study, the fines Google faces over the YouTube scandal, as well as the impact Facebook’s history looks to have on the trust of their new service. Thus, it is evident: data security and privacy protection are more consequential than ever.