The Cambridge Analytica affair and Internet-mediated research.

Abstract

EMBO Reports (2018) e46579 In recent years, the Internet has become an essential source of data for research. A vast array of information can be collected via platforms, such as Amazon Mechanical Turk [1] and Survey Tools for specific research questions, or from harvesting social networks such as Twitter or Facebook [2]. Questions about data protection, consent and confidentiality will therefore become increasingly important [3], not only for users, but also for researchers and providers of such research and social media services. The European General Data Protection Regulation (GDPR) [4], with its paradigm of security and privacy by default, is a step in the right direction. The recent scandal surrounding Facebook and Cambridge Analytica [5] shows that these aspects of security and privacy are often not taken into account. Cambridge Analytica, a British consulting firm, was able to collect data from as many as 87 million Facebook users without their consent. The company gained access to 320,000 user profiles and their friends’ data through the “thisisyourdigitallife” app developed by psychologist Alexandr Kogan of Cambridge University, UK, when he sold it to the company. Although the 320,000 Facebook users gave their consent for the app to use their data and that of their friends, the latter were not asked for consent and none consented to passing on their data to Cambridge Analytica. Though the information was anonymized and aggregated, the fact that app users were able to consent to the use of their friends’ data is very unusual, both in terms of research ethics …