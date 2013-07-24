IT’S BEEN a stormy few weeks for Facebook.

The social media website has been rocked by a scandal involving Cambridge Analytica (CA) which has been accused of harvesting millions of Facebook users’ data.

Facebook received a number of warnings about its data security policies and it has been reported that they have known about the CA data breach since 2015.

A whistleblower has revealed that personal information had been taken by CA without authorisation and said the firm used the data to help Donald Trump’s US presidential campaign target political ads on the platform.

Although the company has denied using Facebook data in its work on the campaign, Facebook’s co-founder Mark Zuckerberg has said it was a mistake to rely CA to delete tens of millions of Facebook users’ data as he apologised for the “major breach of trust”.

He added that he was now open to Facebook being regulated and accepted that malign actors were trying to use the site for political ends.

But is it too little too late?

Facebook’s collection of data has come under increased scrutiny after information on millions of users was leaked by a third party.

The hashtag #DeleteFacebook has trended online and many users have chosen to download copies of their Facebook data to better understand what information the social network has collected about them.

These files, which Facebook enables users to download freely, confirm the company has a wide range of information available on people, beyond the obvious content that is visible on someone’s profile.

Damon Rands, CEO of Newport based cyber security consultancy Wolfberry Cyber Security, said that people have a false sense of security when using social media.

He said: “The information people volunteer on social media constantly astounds us. When we test our clients security the first thing we refer to is the staffs social media accounts, to see what insight they can provide us with. We quiet often find users give up the most sensitive data with reckless abandonment.

He added that data gathering is more prevalent that people might realise.

“This sort of practise is widespread,” he said, “and it is one of the main reasons why we are seeing the introduction of the General Data Protection Regulation (GDPR) on May 25.”

The GDPR replaces is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations approach data privacy.

The biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the EU, regardless of the company’s location.

In the past the application of the directive on countries was ambiguous, and it has arisen in a number of high profile court cases.

The regulation makes its application clear and will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.

Companies will no longer be able to use long illegible terms and conditions full of legal terms, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.

This consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must also be as easy to withdraw consent as it is to give it.

If someone breaches the regulation they can be fined up to four per cent of annual global turnover or €20 Million, whichever amount is greater

Social media users might not realise the implications of data gathering and how much information can be taken.

Mr Rands said: “They can steal whatever the social media users upload to their accounts, it’s quite straight forward really, users should accept that any information that they add to their accounts is publicly available no matter what their privacy settings are.

“This information can easily be used as part of a hack, but more likely is that the data will end up being used in identity theft. We find it’s normally relatively easy to access a user’s social media profile using the historical info they have previously added.”

Facebook users from Gwent have had a mixed reaction to the data gathering scandal.

Alana Davies from Newport said: “I feel that Facebook has breeched our safety, but it has not affected me.

“I always think twice about what I post.”

Another reader taking the threat seriously is Jodie Middleton from Malpas.

She said: “ I check my privacy settings regularly and I always make sure I never fill in any of those surveys, so I’m not too worried as I keep a lot of my details off Facebook.

“I’ve also recently had a baby and I’ve only posted a few photos as I keep most of them in a WhatsApp chat with family members I want to share more photos with.

“This is to keep her life private too.”

Here is some of the lesser known information Facebook gathers about its users.

Phone call and SMS message history

In going through their own files, several users have reported alarm at Facebook’s data-gathering because their files were found to contain phone call and SMS message history logs.

The data included time and date information of calls and messages sent to friends and family.

However, the social network has already responded to reports on the issue, asserting that this collection is not done without first gaining user permission.

Facebook said the measure is an opt-in feature for the Messenger for Android app and the streamlined version of the site - Facebook Lite - and was designed to help better connect users.

Wider contact information

As well as the list of friends a user has on their Facebook account, the names and contact information - such as phone numbers and email addresses - of anyone saved to a device on which you use Facebook also appear as part of the data.

Again though this is an optional feature, Facebook asks users first if it can access their contacts list as a way of finding and suggesting connections on the social network.

The process is also common across many social media and other apps, usually occurring shortly after first joining a service.

But it does means some people without a Facebook account could see their phone number become part of the platform’s data archive, should any of their friends or family be on the site.

Deleted and declined friend requests

Facebook’s data on users includes not just their current friends list and the date that online friendship began, but also a list of friend requests a user has declined and those friends they have removed from their profile.

The data also features lists of friend requests sent by the user that were declined by others, offering a detailed picture on interactions with others on the site.