DTAG 1 TT RTAG 1 TTThe UK’s data watchdog has warned that ATAG 1 TTFacebook must overhaul its privacy-hostile business prototype or gamble burning user rely for good.

RTAG 2 TTComments she made today have also raised questions over the legality of so-called lookalike gatherings to target political ads at users of its platform.

RTAG 3 TTInformation commissioner ATAG 2 TTElizabeth Denham was giving evidence to the Digital, Culture, Media and Sport committee in the UK parliament this morning. She’s just produced her latest ATAG 3 TTreport to parliament, on the ICO’s( still ongoing) investigation into the dreary world of data use and misuse in political campaigns.

RTAG 4 TTSince May 2017 the guardian has been pulling on myriad weaves attached to the ATAG 4 TTCambridge Analytica Facebook data embezzlement gossip — to, in the regulator’s commands,” follow the data” across an part ecosystem of musicians; from social media firms to data intermediaries to political parties, and certainly beyond to other still uncharted performers with an interest in likewise coming their hands on people’s data.

RTAG 5 TTDenham quickly admitted to the committee today that the sprawling piece of work had opened a major can of worms.

RTAG 6 TT” I think we were startled by the amount of data that’s held by all of these agencies — not just social media companionships but data companies like Cambridge Analytica; registered political party the extent of their data; the practices of data intermediaries ,” she said.

RTAG 7 TT” We likewise looked at universities, and the data practices in the Psychometric Centre, for example, at Cambridge University — and again I envisage universities have more to do to control data between academic researchers and the same individuals that are then leading business companies.

RTAG 8 TT” There’s a lot of switching of hats across this whole ecosystem — that I think there needs to be clarity on who’s the data controller and limits on how data can be shared. And that’s a topic that runs through our whole report .”

RTAG 9 TT” The major concern that I have in this investigation is the highly disturbing disregard that many of these organizations across the part ecosystem have for personal privacy of UK citizens and voters. So if you look across the whole system that’s really what this report is all about — and we have to improve these practices for the future ,” she lent.” We truly need to tighten up restraints across the part ecosystem because it matters to our democratic processes .”

RTAG 10 TTAsked whether she would personally rely her data to Facebook, Denham told the committee:” Facebook has a long way to go to change traditions to the pitch where people have penetrating trust in the pulpit. So I understand social media websites and pulpits and the acces “were living” our lives online now is here to stay but Facebook needs to change, greatly change their business sit and their patterns to maintain trust .”

RTAG 11 TT” I understand that platforms will continue to play a really important role in people’s lives but they need to take much greater responsibility ,” she lent when pressed to confirm that she wouldn’t trust Facebook.

HTAG 1 TTA code of rehearsal for lookalike audiencesHETAG 1 TT RTAG 12 TTIn another key fraction of the session Denham was indicated that inferred data is personal data under the law .( Although of course ATAG 5 TTFacebook has a different legal explainof this part .)

RTAG 13 TTInferred data refers to presumptions made about someones based on data-mining their wider online task — such as identifying a person’s( non-stated) political looks by examining which Facebook Pages they’ve liked. Facebook offers advertisers an interests-based tool to do this — by creating so-called lookalike audiences comprises of users with similar interests.

RTAG 14 TTBut if the information commissioner’s belief of data protection regulation is chastise, it implies that use of such implements to deduce political vistums of individuals could be in breach of European privacy rule. Unless precise allow is gained ahead for people’s personal data to be followed for that purpose.

RTAG 15 TT” What’s happened here is the representation that’s well known to beings in the commercial sector — or behavioural targeting — has been transferred, I guess transformed, into the political realm ,” said Denham.” And that’s why I called for an ethical interval so that we can get this right.

RTAG 16 TT” I don’t think that we want to use the same simulate that sells us anniversaries and shoes and autoes to become involved in people and voters. I think that people expect more than that. This is a time for a pause, to look at systems, to be addressed these best practices of social media companionships, to take action where they’ve ended the law .”

RTAG 17 TTShe told MPs that the use of lookalike audience should be included in a Code of Practice which she has previously called for vis-a-vis political campaigns’ give of data tools.

RTAG 18 TTSocial media pulpits should also disclose the use of lookalike audiences for targeting political ads at consumers, she said today — a data-point that Facebook has nonetheless skipped to be incorporated into its newly launched political ad disclosure system.

RTAG 19 TT” The consume of lookalike gatherings should be made translucent to the individuals ,” she suggested.” They need to know that a political party or an MP is representing consume of lookalike publics, so I ponder the absence of opennes is problematic .”

RTAG 20 TTAsked whether the implementation of its Facebook lookalike publics to target political ads at people who have chosen not to publicly disclose their political ends is legal in accordance with existing EU data protection laws, she declined to make an instantaneous rating — but told the committee:” We have to look at it in detail for the purposes of the GDPR but I’m suggesting the public is painful with lookalike gatherings and it needs to be transparent .”

RTAG 21 TTWe’ve reached out to Facebook for comment.

HTAG 2 TTLinks to known cyber security breachesHETAG 2 TT RTAG 22 TTThe ICO’s ATAG 6 TTlatest report to parliament and today’s manifestation hearing likewise lit up a few brand-new pieces of intel on the Cambridge Analytica narrative, such as the fact that some of the misused Facebook data — which had learnt its course to Cambridge University’s Psychometric Centre — was not only accessed by IP addresses that resolve to Russia but some IP homes have been linked to other known cyber insurance breaches.

RTAG 23 TT “That’s what we understand,” Denham’s representative, James Dipple-Johnstone told the committee.” We don’t know who is behind those IP places but what we understand is that some of those appear on registers of concern to cyber insurance professionals by virtue of another type of cyber happens .”

RTAG 24 TT” We’re still examining exactly what data that was, how secure it was and how anonymized ,” he added saying ” it’s part of an active line of enquiry “.

RTAG 25 TTThe ICO has also legislated materials on “to the relevant authorities”, he added.

RTAG 26 TTThe regulator too revealed that it now knows exactly who at Facebook was aware of the Cambridge Analytica breach at a very early instance — saying it has internal emails related to it issue which have” quite a large dissemination roll “. Although it’s still not been made public whether or not ATAG 7 TTMark Zuckerberg identify is on that list.

RTAG 27 TTFacebook’s ATAG 8 TTCTO previously told the committee the person with ultimate responsibility where data misappropriation is concerned is Zuckerberg — a level the Facebook founder has also made personally( ATAG 9 TTjust never to this committee ).

RTAG 28 TTWhen pulped if Zuckerberg was on the delivery schedule for the breach emails, Denham declined to confirm so today, saying ” we are only don’t want to get wise incorrect “.

RTAG 29 TTThe ICO said it would progress the directory to the committee in due course.

RTAG 30 TTWhich represents it shouldn’t be too long before we know exactly who at Facebook was responsible for not disclosing the Cambridge Analytica infringe to relevant regulators( and undoubtedly parliamentarians) sooner.

RTAG 31 TTThe committee is pulping in this because Facebook payed earlier proof to its online disinformation enquiry more skipped to mention the Cambridge Analytica transgres solely.( Hence its accusation that senior management at Facebook intentionally denied pertinent information .)

RTAG 32 TTDenham agreed it would have been best tradition for Facebook to notify related regulators at the time it became aware of the data mistreatment — even without the GDPR’s brand-new reporting requirement being in force then.

RTAG 33 TTShe too agreed with the committee that it would be a good meaning for Zuckerberg to personally testify to the UK parliament.

RTAG 34 TTLast week the committee questioned ATAG 10 TTyet another invokes for the Facebook benefactor — this time in conjunction with a Canadian committee which has also been investigating the same knotted entanglement of social media data misuse.

RTAG 35 TTThough Facebook has yet ascertained whether or not Zuckerberg will build himself available this time.

HTAG 3 TTHow to regulate Internet impairments? HETAG 3 TT RTAG 36 TTThis summer the ICO announced it would be questioning Facebook with the maximum penalty possible under the country’s aged data protection government for the Cambridge Analytica data breach.

RTAG 37 TTAt the same time Denham also ATAG 11 TTcalled for an ethical suspension on the use of social media microtargeting of political ads, saying there was an urgent need for” largest and sincere clarity” regarding the use of new information and communication technologies and techniques to ensure” parties have restrained over their own data and that the law is supported “.

RTAG 38 TTShe reiterated that call for an ethical pause today.

RTAG 39 TTShe also said the fine the ICO ATAG 12 TThanded Facebook last-place month for the Cambridge Analytica infringement would have been “significantly larger” under the rebooted privacy regime ushered in by the pan-EU GDPR framework this May — adding that it would be interesting to see how Facebook responds to the fine( i.e. whether the government has pays up or tries to appeal ).

RTAG 40 TT” We have suggestion … that Cambridge Analytica may have partially removed some of the data but even as recently as 2018, Spring, some of the data was still there at Cambridge Analytica ,” she told the committee.” So the follow up are lower than robust. And that’s one of the reasons that we penalized Facebook PS5 00,000.”

RTAG 41 TTData deletion self-assurances that Facebook had sought from various entities after the data ill-use gossip blew up don’t appear to be worth the paper they’re written on — with the ICO also noting that some of these proofs had not even been signed.

RTAG 42 TTDipple-Johnstone also said it believes that a number of added both individuals and academic institutions received “parts” of the Cambridge Analytica Facebook data-set — i.e. additional to the multiple known entities in the chronicle so far( such as GSR’s ATAG 13 TTAleksandr Kogan, and CA whistleblower Chris Wylie ).

RTAG 43 TT” We’re examining exactly what data has become where ,” he said, saying it’s looking into “about half a dozen” entities — but refusing to specify names while its enquiry remains ongoing.

RTAG 44 TTAsked for her positions on how social media should be regulated by policymakers to rein in data abuses and desecrations, Denham intimated a system-based coming that looks at effectiveness and outcomes — saying it simmers down to accountability.

RTAG 45 TT” What is needed for tech firms — they’re already subject to data protection principle but when it comes to the broader set of Internet evils that your committee is speaking about — misinformation, disinformation, harm to children in their development, all of these various kinds of damages — I think what’s needed is an accountability coming where parliament causes the objectives and the outcomes that are needed for the tech companies to follow; that a Code of Practice is developed by a regulator; backstopped by a regulator ,” she suggested.

RTAG 46 TT” What I think’s really important is the regulators looking at the effectiveness of systems like takedown manages; remembering bots and fake details and disinformation — rather than the regulator taking individual complaints. So I think it needs to be a plan approach .”

RTAG 47 TT” I think the time for self regulation is over. I think that carry has voyaged ,” she also told the committee.

RTAG 48 TTOn the regulatory capabilities breast, Denham was generally upbeat about the potential of the new GDPR framework to curb bad data practices — pointing out that is not merely does it allow for supersized penalties but companies can be ordered to stop processing data, which she showed is an even more potent implement to button swindler data-miners.

RTAG 49 TTShe also said proposed another brand-new strength — to be done in order to and inspect companies and attend data examines — will help it get results.

RTAG 50 TTBut she said the ICO may need to ask parliament for another implement to be able to carry out effective data investigations.” One of the areas that we may be coming back to talk to parliament, to talk to government about is the possibility of impel beings to be interviewed ,” she said, including:” We have been exasperated by that perspective of our investigation .”

RTAG 51 TTBoth the former CEO of Cambridge Analytica, ATAG 14 TTAlexander Nix, and Kogan, the academic who improved the quiz app used to extract Facebook user data so it could be treated for political ad targeting intents, had refused to appear for an interrogation with it under admonish, she said today.

RTAG 52 TTOn the wider challenge of regulating a full range of” Internet sufferings” — spanning the spread of misinformation, disinformation and also offensive user-generated content — Denham indicated a hybrid regulatory simulation might eventually be needed to tackle this, indicating the ICO and communications regular Ofcom might work together.

RTAG 53 TT” It’s a very complex domain. No country has attacked this yet ,” she confessed , mentioning the squabble around ATAG 15 TTGermany’s social media take down principle, and computing:” It’s very challenging for policymakers … Balancing privacy rights with freedom of expression, freedom of expression. These are really difficult regions .”

RTAG 54 TTAsked what her full’ can of worms’ investigation has highlighted for her, Denham parted it up as:” A disturbing quantity of disrespect for personal data of voters and prospective voters .”

RTAG 55 TT” The main purpose of this[ investigation] is to pull back the curtain and present the public what’s happening with their personal data ,” she included.” The politicians, the policymakers need to think about this too — stronger the regulations and stronger regulations .”

RTAG 56 TTOne committee member suggestively hovered the concept of social media platforms being required to have an ICO officer inside their organizations — to grease their compliance with the law.

RTAG 57 TTSmiling, Denham responded that it would probably make for an unpleasant prospect on both sides.