The number of South African Facebook users affected by the data breach is worse than what is being reported by media outlets. An estimated 60 000 affected users is actually 96 134 people.
This is the main takeaway from a letter Facebook Ireland, the entity responsible for providing the Facebook service in all countries outside of the US and Canada, sent to South Africa’s Information Regulator in the justice department.
In an official statement, a Facebook spokesperson said, “As part of our commitment in contacting those potentially impacted by Cambridge Analytica, we recently released the figure of South Africans who had installed the app and those who were potentially impacted. The numbers of affected users originally reported for South Africa were different to those than stated in this letter – we have informed the Information Regulator with the accurate current numbers and continue to contact all those affected.”
No specific name of the spokesperson was given by the social media giant.
Read more: Regulating Facebook won’t prevent data breaches
Read more: Facebook’s aura has evaporated. Time for Zuckerberg to take responsibility
While the rest of the information contained in the document is confidential, Facebook SA openly shared this fact. The number is broken down as follows: 13 people South Africans installed the ‘YourDigitalLife’ app throughout its lifetime on the Facebook Platform (i.e., from November 2013 when the app went live to no later than 17 December 2015), which is 0.004% of the app’s total worldwide installs. A further 96 121 South Africans were affected as they were friends of people who installed the app, but did not install it themselves.
How do you know if your info was taken?
Facebook says it is contacting South Africans whose data was taken, and Arthur Goldstuck, managing director of World Wide Worx, says this is possible as the company knows exactly who downloaded the app so, by extension, it knows exactly who the friends of those users are.
“It is the broader friends network that makes this such a massive issue. There was no breach as such, but rather a loophole and lapse in privacy controls that allowed data already collected to be exploited by Cambridge Analytica. One can characterise the whole issue as an exploitation of data rather than a breach of data,” he explains.
What would SA user information be used for?
Facebook has introduced a tool that advises users, the next time they log on, whether they have been exposed to this exploitation. But what exactly is the breached South African information being used for?
“It is a myth that this is primarily an American issue. Cambridge Analytica has consulted on voting influence during events as disparate as the Brexit referendum, general elections in Kenya and Nigeria, and discrediting politicians in Sri Lanka. There is little reason to think that South Africa would not have been in the crosshairs for the next elections,” Goldstuck believes.
“Of course, the ability of Cambridge Analytica to have that kind of impact again has been severely curtailed, but we should be alert to similar activity. A company called CubedYou has collected Facebook information in a similar way for similar purposes. Others will continue to do so. Twitter has been exploited extensively in similar ways, and South Africa has been a flashpoint for this exploitation, with the Bell Pottinger campaign the most obviously damaging of these,” he adds.
Is Facebook doing enough?
While it has reassured the public and its users, numerous times, that it is consulting on and exploring safety measures, is Facebook doing enough to ensure this type of situation doesn’t arise again?
Goldstuck doesn’t believe so. “Facebook is only responding as well as it is required to do by law and media outcry. If it wishes to show its commitment to privacy and ethical behaviour, it needs to go far beyond merely complying with the law, and should be setting new standards for privacy, data protection and ethical advertising. Because its raison d’être is to make money from advertisers; however, it is difficult to change the culture of the organisation,” he explains.
In the cross hairs
And a backlash there has been. Not just from the public, but from US lawmakers as well. Founder Mark Zuckerberg was grilled for over five hours in congress about the situation, though it is debatable how clued in certain of the congress members were. While it seemed some had done their homework, others made it seem like they didn’t understand technology at all. But the highlight of the hearing, had to be John Kennedy’s comments to the Facebook founder.
But as much as Facebook is responsible for protecting its users data, it is also up to the user to protect their life. Goldstuck advises, “There is no such thing as safe personal data on social media. The rule we have always stressed is that one should not put anything on social media that one does not want publicly available.”
Michael Bratt is a multimedia journalist at Wag the Dog, publishers of The Media Online and The Media. Follow him on Twitter @MichaelBratt8