Last week was pretty interesting when it comes to the violation of privacy by the hand of the internet giants.
Firstly, YouTube agreed to pay $170 million after it agreed to a settlement with the New York’s attorney general and Federal Trade Commission.
Just a day after news broke about Facebook keeping a huge database containing more than 400 million phone numbers of its users on a server, without any protection, not even a password.
Let’s start with YouTube.
What did Youtube do?
The biggest video sharing site on the world got sued by the FTC and New York attorney general because it misused children’s private data and shared it for advertisement purposes.
That’s not in line with COPPA (Children’s Online Privacy Protection Act) that is there to protect children aged 13 and below from their private data being misused. But YouTube did just the opposite, the site collected and illegally used children’s data, even boasted about the fact to advertising firms.
YouTube executives claimed they didn’t have to comply with the COPPA because YouTube doesn’t officially have users under the age of 13 but in fact, things were different.
We all know that young children (much younger than 13) watch YouTube daily, with the service being populated by a plethora of content aimed at young children.
The collected data was used to create ad profit by targeting children with ads custom-tailored for them based on their private data, which should be forbidden by the COPPA.
Google, the parent company of YouTube, pays the fine
But after the settlement, Google, the parent company of YouTube, agreed not only to pay the fine but also to introduce major changes in how the site handless data of children under the age of 13.
From now on YouTube will have to ask parents’ permission before being able to collect and share personal data of children, such as their names, photos, browsing data, watch history, etc.
Further, YouTube will ask YouTube channels to identify content aimed at young children in order for the company to amiss targeted ads from such content.
Youtube and COPPA
In other words, YouTube simply agreed to comply with the COPPA after it spent years disregarding it and critics of the settlement claim that the company is behaving like it’s above the law.
Jeffrey Chester, the director of the Center for Digital Democracy, a nonprofit organization that greatly contributed to the enacting of the COPPA in the first place has interesting comments regarding the settlement. “Merely requiring Google to follow the law, that’s a meaningless sanction,” Chester said, explaining that “It’s the equivalent of a cop pulling someone over for speeding at 110 miles an hour, and they get off with a warning.”
Senator Edward J. Markey, a Democratic senator from Massachusetts commented that “The F.T.C. let Google off the hook with a drop-in-the-bucket fine and a set of new requirements that fall well short of what is needed to turn YouTube into a safe and healthy place for kids.” And it’s true.
Alphabet (Google’s parent company) reported a profit of $30,7 billion and total revenue of $136,8 billion for 2018. The $170 million settlement is less than two permille of the company’s total yearly revenue.
But at least YouTube will have to comply with the COPPA from now on and let’s hope that young children will have their privacy intact while watching videos.
Oh, no! Facebook did it again...
Another piece of online privacy blunder news comes from Facebook.
The company did it again, it added another scandal to their infamous track record of misusing their users’ data. Techcrunch first reported that more than 400 million records – each record containing user’s unique Facebook ID along with their phone number – were found online.
Records were kept in several databases on a server that didn’t have any form of protection, not even a simple password. That means that anyone who stumbled upon it could access every single record without any problem.
Techcrunch managed to verify “a number of records in the database,” and discovered that some records, in addition to the Facebook ID and phone number, also had other information such as the user's name, gender, and country of residence.
And while Facebook ID numbers are public numbers associated with unique user accounts, phone numbers were to be kept private. In fact, Facebook restricted their access to users’ phone numbers as part of their own push to better handle user data.
The finding comes after the infamous Cambridge Analytica scandal that was the trigger for an avalanche of various cases of privacy misuse, data breaches, and mishandles of private data of Facebook users. This April Facebook managed to get itself involved in three security breaches in less than a month.
And it seems that the stream of privacy scandals involving internet giants such as Facebook and Google could lead to actual cases where CEOs of said companies could finally carry the burden of personal responsibility.
Rohit Chopra, a Democratic FTC commissioner who voted against the YouTube settlement explained that he did it because the fine was minuscule and not a single person from YouTube and Google were held responsible.
“No individual accountability, insufficient remedies to address the company’s financial incentives and a fine that still allows the company to profit from its lawbreaking,” Chopra said, explaining his vote against the settlement adding that “The terms of the settlement were not even significant enough to make Google issue a warning to its investors.”
Democratic Senator from Oregon, Ron Wyden, who had a big role in creating the rules of the modern internet proposed a bill that would hold the CEO of large companies that keep large databases of their users personally responsible in case of data breaches and privacy violations.
He noted during his interview with Willamette Week that "Mark Zuckerberg has repeatedly lied to the American people about privacy," adding that "I think he ought to be held personally accountable, which is everything from financial fines to — and let me underline this — the possibility of a prison term. Because he hurt a lot of people."
Consumer Data Protection Act
The statement is in line with his draft bill, titled the Consumer Data Protection Act.
The bill states that companies who have at least $1 billion in revenue along with having personal data of at least 1 million consumers, or companies holding data of 50 million users no matter their yearly revenue, have to protect their users’ data. They are required to protect the data and to present annual reports proving they are in compliance with the law.
In case that a company doesn’t comply and fail to protect personal data of its users, corporate officers including CEOs (any officer who signed off the yearly reports), could be directly prosecuted and fined for at least $1 million. They could also face jail time for up to 20 years.
Now, the Consumer Data Protection Act is just a draft, it isn’t certain that the law will be passed, but it is a definite step in the right direction.
Recent years saw hundreds of scandals involving data breaches, mishandling of private data, flat out usage of private user data for purposes that weren’t known to the public, and other variants of the abuse of online privacy. And at the moment penalties, if any, come down to fairly low financial fines.
Maybe if CEOs become personally accountable, facing potential jail time, the internet giants would finally start handling their users’ data with respect and on a fair basis.