As the latest media furore around Facebook's handling, or mishandling, of data makes headlines across the world, and with the looming GDPR deadline, should travel businesses be more worried than ever?

A watershed moment for how data is handled in the future, or a storm in a teacup? No doubt questions that many executives in all corners of countless organisations, including data-hungry travel businesses, will be asking this week as Facebook and Cambridge Analytica come under increasing scrutiny.

For Keith Dewey, a GDPR whizz and cybersecurity expert who will be speaking at EyeforTravel’s upcoming London show, “there is nothing fundamentally new here at all”.

It simply marks the ongoing drive of “exactly what privacy organisations, regulators and even Edward Snowden have been campaigning against since the 1948 Universal Declaration of Human Rights!”

As Dewey points out, people being targeted with specific information because of their private beliefs and actions has happened at many points in history. At its most extreme, this is how six million Jews became victims of a systematic, bureaucratic, state-sponsored persecution by Nazi Germany, just because of their beliefs. While Dewey stresses that the Holocaust is in no way a comparison to Facebook’s use of data, the amoutn of available personal data, and the way it is used has radically changed over the years. Ultimately,“the role of direct marketing and sales people is to deliver the most relevant offers to the people who are likely to be most interested!”  

Allegations against Facebook aren't new either as the table, drawn from various media sources including the Guardian and CNN, below highlights.

The latest allegations, however, which relate to how data from 50-million Facebook users, harnessed from a ‘personality’ app commissioned by Cambridge Analytica, was potentially misused for targeting in the 2016 US election, seem to have created a bigger public and media outcry than usual. This may be down to concerns in Europe that data may also have been misused to swing the divisive Brexit vote. 

Online marketing under the microscope

The reality is that companies pay big money to Facebook, and other social platforms, to advertise their services, as Aleksandr Kogan, the Cambridge academic who developed the ‘personality’ app that harnessed the data, told BBC Radio 4 on the Today programme this morning.

Kogan, who claims to have been scapegoated, by both Facebook and Cambridge Analytica, had this to say: “The big question here is how do social media platforms actually use people’s data, because fundamentally the project that Cambridge Analytica has allegedly done, which is to use Facebook data for micro-targeting is the primary use case for most data on these platforms. Facebook and Twitter and other platforms make their money through advertising, and so there is an agreement between the user saying ‘hey you will get this amazing product that costs billions of dollars to run’ and in return we can sell you to advertisers for micro-targeting.”

In the light of GDPR, Facebook could be staring down a hefty fine - of up to 4% of its $41bn global turnover  

Kogan says his only mistake is that he didn’t ask enough questions, and if nothing else, this represents the watershed moment. Because, despite of inertia on the part of huge numbers of users, who willingly, and often unknowingly, hand over their data for the privilege of using social platforms, organisations will no longer have the privilege of ‘not knowing’.

While Facebook, whose CEO Mark Zuckerberg has been notably evasive the past few days, works out what to do next, top of mind will be the looming Global Data Protection Regulation (GDPR) legislation which comes into force on May 25th. Facebook could be staring down a hefty fine - of up to 4% of its $41-billion global turnover!

With this in mind, Dewey recommends that other companies need to be thinking carefully about the following:

• Transparency for data subjects (individuals) to know what is happening to their data and to have control over how their data is being lawfully used.
• Better management of data, including the deletion of data when it is no longer specifically required.
• Demonstrable accountability from companies and their management teams.
• Enhanced contracts and oversight of third party processors.

Eventually, it is hoped, this will lead to better levels of information security and privacy.

Many travel companies have already been thinking about this as the deadline for GDPR compliance on May 25th rapidly approaches, and we will cover this in more detail from a travel perspective tomorrow.

Join us at EyeforTravel Europe (June 4,5,6) to hear more insights on getting the right processes in place from data expert Keith Dewey