More than 59 000 South African Facebook users may have had their personal information exposed to British political consulting firm Cambridge Analytica without their consent.
The worldwide data breach scandal broke when US media reported that a personality application called This Is Your Digital Life,
developed by a Cambridge University researcher with interests in cognitive and behavioural neuroscience, Aleksandr Kogan, surfaced.
Kogan allegedly passed the information - unwittingly submitted by Facebook users who downloaded the app - to Cambridge Analytica, a British political consulting firm.
The company, in turn, apparently used it to influence the behaviour of American voters in the build-up to presidential elections in that country.
Responding to questions posed by the Weekend Argus, the Saturday Star’s sister newspaper, about the data breach, Facebook said 33 South African users downloaded the application and “59 777 users were potentially impacted in South Africa (friends of those who installed the app elsewhere)”.
Facebook requested that no spokespersons be identified in divulging this information.
This week, the US Congress in Washington grilled Facebook founder and chief executive Mark Zuckerberg over the company’s business model and the breach of trust, affecting about 87 million users worldwide.
Facebook had 19 million monthly active users in South Africa, it said.
Advocate Pansy Tlakula, the chairperson of the Information Regulator of South Africa, said it had written to Facebook demanding answers about how the breach might have occurred and what measures had been put in place to prevent further compromises.
Tlakula said that according to the Protection of Personal Information Act (POPI), some of whose sections were not yet in effect, “Facebook must put in place measures to secure the integrity and confidentiality of personal information in its possession or under its control”.
However, for users in South Africa, “Facebook will only submit to the courts in America or Ireland, where its international headquarters are located,” said Okyerebea Ampofo-Anti, a partner in the dispute resolution department of Webber Wentzel and a media law specialist. She said once the POPI Act came into full force, it would give South Africans more protection for their personal data online.
Social media users needed to be more cautious about their activity online, Ampofo-Anti warned.
“Users need to be aware that every time they use third-party applications on Facebook, like games or quizzes, the application usually asks for permission to access certain information that you have provided to Facebook, for example your birthday and your location data.
While Facebook needed to be more proactive to ensure that third-party applications that used its platform or that were integrated with its platform, did not harvest excessive amounts of personal information from users, it was users themselves who needed to be cautious.
“Limit the amount of personal details that you post and never share personal details that could compromise your safety,” said Ampofo-Anti.
Before 2015, she said, Facebook allowed third party applications to obtain permission to access information on a user’s friends, “which means that your data may have been collected by third parties because one of your Facebook friends decided to play a game and gave the application permission to collect their information as well as yours”.
“This was obviously unacceptable and Facebook has since changed its policies to try and curb this practice.”
Tlakula said any person affected by Facebook’s alleged data breach could lay a complaint with the regulator via www.inforeg.gov.za.