The recent disclosures in the case of Facebook and the role of Cambridge Analytica have revealed a nest of failures in which it is difficult to comment on one issue without touching on many others.

   As is fitting for a social network company, the data breach and the ensuing controversies have stemmed from the interconnectedness of modern institutions and systems. This problem is not new; it has been hiding in plain sight for many years. It represents a new vector in cybersecurity, that of information governance failure.

   Nobody was physically harmed, suffered financial loss, or has been arrested for criminal activity. The outdated user profiles are not freely available on the internet. Nobody broke in and stole the data. No single person was responsible. Users’ data privacy was taken by implicit systemic failings.

Flawed Regulation

   Now that it has been reported, the roles of Facebook, its affiliates and the wider regulatory frameworks need to be examined as contributing factors to the ‘breach of trust’ that Mark Zuckerberg has admitted.

   Many Facebook users feel shaken. That the Facebook privacy breach was allowed to happen is a result of the lack of end-to-end data governance. The systems of regulation embedded in academia, business, and politics were co-ordinated enough to produce detailed voter profiles, but not co-ordinated well enough to prevent abuse of that information.

   Regulatory systems cannot, on their own, wield sufficient deterrence to enforce ethical behaviour on the management and developers of social networks. In order to balance the authority equation towards respect for the privacy of social network users, co-ordinated changes need to be made across the meta-systems that comprise and regulate social networks.


   Although only a small percentage of users will actually #DeleteFacebook entirely, the lack of transparency and accountability is likely to ‘chill’ usage of the platform as users try to avoid compromising their privacy.

   Without regulatory reform (and the framework of the GDPR appears to be a first step towards achieving this), the protests of the advertising-revenue-driven Facebook about being sorry will sound hollow. The advertising industry practices currently judged to be normal are privacy-intrusive and harm the contributors to the social network.

   And what of trust? Trust is a social compact which is predicated on both sides having something to lose. Without the ability to impose social norms, regulation and meaningful penalties on social media companies, sharp data practice will continue. In a weak regulatory environment they cannot wholly be held to account for these (repeated) breaches of trust.

   Failure to hold these companies to their social obligations is paid for by the anxiety of users who trusted their data to the network. They have unwittingly been party to the data science of psychometrics that has been used by other parties to systematically target and destabilise the institutional structures on which their trust depends.

 The infographic below shows some of the areas which have contributed to the breach: