Government Slams Facebook And CA With Second Notice Over Cryptic Response

The Indian government has sent a second notice to Facebook and Cambridge Analytica aka CA after finding discrepancies between the earlier responses by the two companies during the case of data breach.

The companies have been issued a deadline till May 10 to answer to the additional queries.

After finding the first replies from CA “cryptic and evasive”, the government has sought further responses from the data mining company for five more posers from the company.

“…It is self-evident that apart from being very cryptic, the unstated intention was to conceal more than reveal,” said the latest notice to Cambridge Analytica.

Government sources that the government was compelled to take such a step after the two companies shared their responses to the initial queries, posed by the government in the wake of the data breach fiasco, were found to have discrepancies.

The notice also didn’t fail to highlight that with FB already making amendments to rectify what has went wrong in view of its recent privacy regulations and public apology, the onus to come clean is now with CA.

The government had to make this pointedly clear because the American social networking platform has already admitted that nearly 5.62 Lakh Indians were “potentially affected” by the data breach incident, however, Cambridge Analytica continues to be in denial to reveal any such data and it still claims that it does not have any Facebook data on Indian citizens.

In the fresh notice, the government has emphasised on two questions:

• What kind of data was collected in India?
• What research instruments were used to capture such data?
• Whether the company has harvested any data through third party app?
• Whether or not mining of such data was done with user consent?

In a media interaction, a senior IT Ministry official aware of the development confirmed that the government is on the move to send out a strong signal to international bodies operating in IT and data platform that any manipulation of data of Indians, in violation of law and the privacy norms, will be viewed “seriously”.

Why Continue Keeping A Watch Over Data Breach?

The concern over data breach has been multiplied manifold due to the upcoming electoral events in 2019 and has been largely moved by the example of the alleged involvement of data mining in the US elections of 2016.

For this reason, the government has starkly asked CA if the data collected for “research” has been used for any election-related work. The government has also sought information about the entities working under CA along with the details of their directors.

Further tightening the bolt on CA, the government has also asked the British company to share the templates that were used in signing the non disclosure agreements for Indian assignments.

Taking notice of Facebook’s actions post the events of the data breach, the government has asked the American company to list out security architecture proposed to be created “so that data concerning Indians are not pilfered or manipulated again for extraneous purposes including to influence the elections”. Asking for steps that can be implemented to clamp down data mining and manipulation in the electoral process, the government has set a deadline of May 10 for the responses.

It has also sought information from Facebook regarding its privacy policy, extent of data collected, consent mechanism, authorisation mechanism that allows apps to collect user data and reasons for failure to check the past breach.

The notice has asked about the proceedings that the social media giant has undertaken against those who have violated Facebook’s policies of privacy.

FB is currently facing probes in various markets in light of further possible data breach. Facebook had earlier this month announced that it is introducing a third-party fact-checking programme in India to combat the spread of “false news” on its platform, starting with a pilot in Karnataka, which goes to polls next month. Facebook is also going along the EU’s GDPR policies to abide by governments that are attempting to strengthen data security their countries.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.