I have the privilege of teaching Privacy Law at Roger Williams University School of Law, one of the few law schools in the country to offer the course. This is the fourth year the course has been offered, and the students who take the course are bright and engaged. The fun thing about teaching the course is that the syllabus changes frequently, and sometimes something new happens that makes you throw the syllabus out the window. You can’t do that in a contracts class.

This is exactly what happened this week. The planned topic for class was data breach notification laws and state data security laws. However, the topic of conversation from the start was the Facebook/Cambridge Analytica case. The students were to research and analyze the facts and be ready to discuss the laws that were applicable (or not), whether it was a data “breach,” what the parties did right or did wrong, and the fallout. Needless to say, it was a lively discussion.

What has been surprising to me after the news broke about the case was how mad people are about it. “It is more personal” than the disclosure of financial information say some. “They were using my data for political purposes!” say others. In general, my experience in the last two weeks has been that people are more interested in what data Facebook had about them, what they did with it, and how it was used and disclosed than any previous data breach or security incident ever. This is surprising to me because posting things on Facebook does not seem very private to me and, of course, we should all know that Facebook and other social media platforms are using the data you post in ways you could never expect or know.

What was even more interesting to me was that my students went beyond researching the facts and really started investigating and digging deeper into the facts and the implications of them. And in doing so, they taught me a few things about the incident too, which I will share with you.

For instance, did you know that you can find out exactly what information Facebook had and disclosed? One student shared this:

“Want to see what information of yours is out there? This is how I got to it: https://www.facebook.com/help/contact/180237885820953

Then, if you want to make more sense out of it, there is open source R code someone wrote and posted on GitHub: https://gist.github.com/dylanmckay/2b191a10068bd87d0fffba242db44b52.

I got this info at: http://www.iflscience.com/technology/people-are-downloading-their-facebook-data-and-are-horrified-by-what-theyre-finding/all/

Another found:

“If you go to Ads on Facebook, Facebook will label you as either “very liberal, liberal, moderate, conservative or very conservative” and use that preference to target ads to users.

And finally, another noted that LinkedIn updated its Privacy Policy after the Facebook incident:

“We’re updating our Terms of Service and wanted to give you an overview of some of what’s new. These changes impact our User Agreement, Privacy Policy, Cookie Policy and Professional Community Policies and are effective May 8, 2018. Anytime we make updates, we hope to make it easy for you to understand your choices and the control you have over your data and content on LinkedIn.
Check out my blog post for full details. Here’s some of what’s new:
·         We make it even easier to understand the data we have about you, how you can correct it and how you can ask us to stop using it.

·         Our new settings give you more control over ads you see and more transparency about the data shared with advertisers.

·         Refreshed community policies make sure LinkedIn stays a platform where people act professionally. Built from our well-established community guidelines, these policies encourage discussions that can help our members be more productive and successful, and outline what activity may be stopped by LinkedIn.

  • For example, harassment and hate speech are not welcome on our platform and could result in permanent restriction from LinkedIn.
  • Also, if you are being paid to share or endorse a product or service, you need to disclose that you’re being paid for your opinions or actions.
Your privacy comes first in all of these updates. We now meet the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect later in May. LinkedIn members around the world will benefit from many of these changes. To learn more, check out our GDPR Help Center.
If for any reason you don’t agree to our new terms and would rather close your account than opt out of specific new features, you can do so.
Thanks for being a member,

Sara Harrington, Vice President of Legal at LinkedIn

I teach my students, but my students teach me. It gives me great hope for the future of the data privacy and security profession.