Watchdog slams political data slurpers' 'disturbing disregard' for voters' privacy

ICO's second report into data analytics in campaigning lands with a thud

Facebook heads to the naughty step

Denham made a number of withering comments about Mark Zuckerberg's enterprise during the committee hearing, saying that Facebook had a long way to go, and needed to significantly change their business practices, to earn people's trust.

She also indicated broad support for the committee's efforts to speak to the boss himself for its inquiry – the CEO has rebuffed every attempt to bring him in so far, and the firm hasn't responded to The Register's queries about whether the promise of an "international" inquiry will change that.

When asked if Zuck should appear, Denham said that being able to deal with Facebook HQ, Mountain View, had provided the ICO with "more information and a better response" than local reps. "We are all about transparency," she said. "I think it would be very useful to have Mr Zuckerberg appear, but it's not for me to say whether he should."


UK Parliament roars: Oi! Zuck! Get in here for a grilling – or you'll get a Tower of London tour


Denham also repeatedly said that the £500,000 fine Facebook was issued with would have been much larger if the incident had taken place under the new GDPR regime.

In particular, the ICO appeared frustrated at the apparent disinterest the firm showed in making sure the data sets were deleted after it found out about the data-harvesting in 2015.

"We've found some problems with the signing of [Facebook-ordered] authorisations [from organisations]; some of them weren't signed at all," she said. "The follow up was less than robust."

As well as the £500,000 fine it handed out this summer, the ICO said it had referred its ongoing concerns to the Irish Data Protection Commissioner (Facebook's European HQ is in Ireland). These relate to Facebook's targeting functions and the ways in which the Social Network™ monitors individuals' browsing habits, interactions and behaviour across the internet and different devices.

cctv camera

Facebook confirms Cambridge Analytica stole its data; it’s a plot, claims former director


However, Denham didn't sound overly keen on handing this high-profile battle over to her Irish counterparts; when asked if she had enough faith in the Irish DPC, she replied that her organisation has "more capacity to do technical audits", and that the ICO was on hand to help the smaller body (the ICO has 700 staff, 600 more than Ireland).

Eyeing up a new regulatory tie-in

When it issued its interim report in July, the ICO called for the government to introduce a statutory Code of Practice for the use of personal data in political campaigns, which it reiterated yesterday.

The body wants it to apply to all data controllers that process personal data for the purpose of political campaigning, which would include anything that relates to elections or referenda, in support of, or against a party, campaign or candidate.

Denham told MPs that this would mean that political parties were all playing by the same rules, and ensure that the public could trust that politicos were engaging with them lawfully.

This, she said, would be one way to work in definitions and rules around inferred data – information that parties used to guess wider traits, or to put people into certain groups – and lookalike audiences that are generated on Facebook.

But Denham also opined on online misinformation, disinformation and illegal content more broadly, saying that the time for self-regulation by tech giants was over.

They are already subject to data protection laws, she said, but need to be made accountable for the way they deal with "internet harms".

"When it comes to internet harms regulation, I think there also needs to be a code that's backed with statute, the power of extraterritorial reach, the powers of sanction – the powers the ICO has – those are the powers that a regulator needs to look at."

A regulator should be ready to look at the effectiveness of systems – for content takedowns, or recognising bots, for example – rather than fielding individuals' complaints.

When asked which regulator should do this, she said that content and conduct online didn't fit neatly into any one existing watchdog – but proposed that Ofcom and ICO "could be a hybrid model" as they have complementary experience.

Apparently keen to stake her claim to the potential new area, she added: "You're not going to be able to take the ICO out of the data issues; we're a horizontal not a sectoral regulator."

The full report is available online here (PDF), and more updates are due before the end of the year. ®

Similar topics

Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021