One of the key factors is the fact that the respondents to the original psychological tests never gave permission for the data to be used for anything other than that test.
- Combining with all their FaceBook friends data? NO.
- Being used to promote Donald Trump? NO
- As part of the BREXIT campaign? NO
All personal data can only be used for the purpose the individual gives permission for. And every individual can demand that any company or organisation detail the personal data held (Subject Access Request or SAR) and if desired have it redacted unless there is a reasonable reason for that data to be retained, analysed and used for decision making.
Just imagine 50 million SARs heading Cambridge Analytica's way! And before you laugh too much, the same will be happening to you from May this year.
Can you identify ever bit and byte of personal data held in all that unstructured and semi-structured data you have acquired through mergers and acquisitions?
Time to find a solution to retrieve every one before it is too late.
Beyond GDPR there is more that the consumer needs to take control of. In the case of Facebook, this is limiting what 3rd party apps have access to. And this can be confusing with apps constantly “complaining” that they will not work properly without access to body sensors, contacts or the camera. And the user needs to ultimately start with a point of zero-trust—turn off all access—and then test for themselves how the app behaves and then gradually turn on permissions as needed.