The Data Protection Working Party, which consists of DP authorities in all EU member states, will create a Social Media Working Group to develop a long-term strategy, after expressing fears that the Cambridge Analytica revelations are “most likely only one instance of the more widespread practice of harvesting personal data from social media for economic or political reasons.”
Last Month, a Cambridge Analytica whistleblower revealed that Facebook users’ data had been harvested and analysed without their knowledge – and then used for political campaigns such as Donald Trump’s run for the American Presidency and the ‘Leave’ campaign in the UK’s 2016 Brexit referendum.
Personal data from more than 6,000 Maltese Facebook users in the EU was shared with analytics firm Cambridge Analytica, the European Commission revealed, marking the second highest number per capita in the EU (1.92 per cent) after the UK. Approximately one in 70 Maltese Facebook users had their data harvested, compared with about one in 60 UK citizens.
The figure was provided by the social media giant to EU Justice Commissioner Vera Jourova after she demanded explanations about its knowledge of Cambridge Analytica’s alleged harvesting of the profiles of up to 87 million Facebook users for its work on political campaigns. A total of 2.7 million were in the EU. Users of the social media platform were affected in all 28 EU member states.
Speaking to The Malta Independent on Sunday, Data Protection Commissioner Saviour Cachia said that the Working Party 29 “resolved to have all DP Authorities speak with one voice about this issue” and referred to a strongly-worded statement issued by the group.
On 11 April, Andrea Jelinek, Chair of Working Party 29, said that “a multi-billion dollar social media platform saying it is sorry simply is not enough,” while also expressing concerns that the case is “most likely only one instance of the much more widespread practice of harvesting personal data from social media for economic or political reasons.”
“We reiterate our earlier commitment to assist and fully cooperate with the UK’s Information Commissioner’s Office (ICO) in its investigation of Cambridge Analytica and Facebook. We are also committed to working closely together through our existing Facebook Contact Group1 and speak with one voice.
“We are at the start of a new era of data protection. The protection of individuals against unlawful use of their personal data on social media platforms will be one of our key priorities.
“WP29 is fully aware, however, that the issue is broader and concerns other actors, such as app developers and data brokers. The work of this Social Media Working Group will continue after the establishment of the European Data Protection Board. The EDPB will have a wide range of competencies in order to ensure the consistency of the application of the General Data Protection Regulation (GDPR).”
On 25 May, with the entry into application of the GDPR, WP 29 will be replaced by the European Data Protection Board.
This, Cachia explained, would allow a one-stop shop mechanism to be applied through a joint decision-making process amongst all EU Data Protection Authorities, which could enhance enforcement in cross-border cases.
“On a local level,” he continued, “if we receive a complaint before 25 May, we will advise the individual to refer it to the competent Supervisory Authority (ie UK ICO or Ireland DPA). We will be in a better position to assist data subjects following 25 May when the GDPR is brought into application.”
Cachia said that while the Office has no jurisdiction over Cambridge Analytica (UK ICO) and Facebook (Ireland DP Authority), he was sure that both authorities were taking the necessary steps and measures in accordance with their own laws.