Skip to content
24 April 2018

The ethics of big data, Facebook & Cambridge Analytica

Facebook is under fire after the social media giant admitted it didn’t prevent data from as many as 50 million users getting to political data firm Cambridge Analytica, which it used to develop precise targeting to help Donald J. Trump win the U.S. presidency. Linh Nguyen from WikiTribune spoke to experts to better understand how Cambridge Analytica may have used the personal data of tens of millions of private citizens and to discuss the ethics of “Big Data”.

According to Jörg Pohle, a researcher at the Humboldt Institute for Internet and Society, the negative press surrounding Cambridge Analytica, “to say it bluntly: [is] because of Donald Trump.”

The data firm is also under scrutiny for its psychometric testing. How far is too far in this new world which gives insight into behavior, attitudes and intentions?

Cambridge Analytica has denied wrongdoing but has suspended its chief executive. Authorities and Facebook are investigating how the company obtained psychometric data on openness, conscientiousness, extraversion, agreeableness and neuroticism (OCEAN) from Cambridge University which had exploited agreements with Facebook on academic research.

Linh Nguyen from WikiTribune spoke to experts to better understand how Cambridge Analytica may have used the personal data of tens of millions of private citizens and to discuss the ethics of “Big Data”.

WikiTribune talked to:


The “big nudge”

WikiTribune: Profiling of users based on their data is widespread. Why is Cambridge Analytica under fire and when did it cross ethical lines?

Kaltheuner: They’re being investigated for how they obtained data, and that’s why they’re under fire … But micro-targeting ads, also based on psychometric data, is something that is actually done by quite a lot of companies. [Privacy International] is generally concerned about any industry that feeds off exploitation of people’s data.

Zwitter: The ethical problem begins when one profiles for themes that are sensitive regarding individual and group data protection, such as political affiliation, sexual orientation, or health, i.e. information that can be misused for political or criminal ends, and that was collected without the consent of the subject. Cambridge Analytica went beyond profiling and employed what is called “Big Nudging.”

The term comes from Nudge Marketing. One uses “nudges” that can be conscious or subconscious triggers to elicit a certain response in people. It’s one thing when you know that you’re being nudged. It’s another if it’s used to manipulate people by using unconscious desires and psychological mechanisms undermining their personal freedom of choice.

‘This eruption now is pretty much the product of double standards’ – Pohle, Humboldt Institute

Mittelstadt: Profiling … it’s sort of a shortcut to know what sort of person you are, what person you’re being perceived as. Whereas with [psychometrics], it seems to be going a step further, in the sense that companies are going to actively try to change your behaviour for a very, very specific end. It’s pushing you to take an action that would undermine one of your fundamental rights as a citizen to elect who represents you. And so I think it’s what it’s trying to push you towards, what it is they’re trying to influence, that makes this distinct from just normal profiling.

Pohle: [on why CA is under fire] To say it bluntly: because of Donald Trump. When Barack Obama and his team started … using social media data, user-generated content and meta-data on personal interactions and social relationships for targeting people in their election campaigns, almost everyone was cheering and applauding them for using these very data … to better political micro-target voters. So, all in all, I would say, this eruption now is pretty much the product of double standards.

Can we really expect politicians to crack down on companies such as Facebook when they too rely on such data to get ahead?

Pohle: Not really. But on the other hand, that very much depends on the amount of public uproar. If the public outcry is loud enough, politicians might be pressured into cracking down on these companies even against their own interests.

‘It’s hard not to use these tools, if other politicians use them too’ – Zwitter, Groningen

Kaltheuner: It’s really important that politicians set an example by promoting data protection. They should also be using data in a way that complies with the law — the fact that the UK’s Information Commissioner’s Office is looking into political parties and campaigns shows that this is, sadly, not a given. It’s also important to keep in mind that this isn’t about the big social media platforms — data brokers, data analytics companies should all be part of this conversation [too]. Because these are not consumer-facing, they get less attention than they should.

Zwitter: I think the incentive comes from the fact that social media providers like Facebook and Twitter increasingly fill a public service in … communication. However, this public service is not organized by the state, nor is it regulated. It is guided by the companies’ own “terms of use” … Theoretically speaking, this should be enough reason to at least put some obligations on the service provider. Practically, of course, politicians increasingly seem to rely on these new and disruptive techniques (incl. fake news and twitter bots, which are also part of the digital political toolkit). It’s hard not to use these tools, if other politicians use them too.

At the same time we are experiencing the devastating effects of this development already: the gradual loss of credibility of information, news and of scientific facts. How can we still make democratic choices if we cannot trust the information we receive?

Mittelstad: Of course, political campaigning will be much more data-driven now: a new standard has been set. That doesn’t mean that the politicians will be directly reliant on Facebook to supply the relevant data. There’s also the question of what stand will be taken by governments and politicians towards big tech companies. When a bad story comes out about a tech company, then everybody’s happy to jump on the bandwagon and vilify that particular company. But to affect real change in the sector, you need a concerted, broad-reaching approach, not ad hoc reactions. It will be interesting to see what role the GDPR plays in all of this going forward.

Will people change their online behaviour because of scandals like this?

Kaltheuner: I think it’s very good that this case is making people think about things like privacy and data protection and how companies are monitoring, tracking and profiling you without your knowledge or consent. However, I strongly believe that we shouldn’t place the burden on individuals. Companies need to protect privacy by default.

Mittelstadt: People will often not care about privacy … until they have a reason to. A perceived lack of concern for privacy is not a justification to violate it. There’s terminology being thrown around here [with the Cambridge Analytica issue] – whether this was manipulation or persuasion of voters. If it’s presented as persuasion, that comes off as much more acceptable. If it’s manipulation, there’s a psychological component to it, where something about you is being exploited in order to get you to take a preferred action … it depends on how people will perceive this sort of profiling.

I think the more interesting response to look at, though, will be the people that end up engaging less and less with [Facebook] over time, or sharing less and less information about themselves, as opposed to just deactivating their accounts.

McNamee: Yes. According to the National Telecommunications and Information Administration (NTIA), they have already started. This is the start of society understanding what profiling actually means. It is logical for people to think that if they give Facebook five pieces of data, they are just giving Facebook five pieces of data. Profiling involves giving Facebook five pieces of data, Facebook comparing these five pieces of data with similar data from a billion other people and generating five new pieces of data about them, that they will never have access to, and using this data to manipulate your economic, social or political choices.

Scandals like this are crucial for this fundamental and essential change in people’s perception of their privacy, security and protection of their data.

Pohle: No. The amount of people who changed their online behaviour after the Snowden revelations was really small, and the same can be expected after this Cambridge Analytica case.

How will Europe’s data protection rules, the GDPR, change this?

Kaltheuner: So in this particular case, the only reason why we’re talking about data protection, is that Cambridge Analytica is based in the UK (that’s why the Data Protection Act 1998 applies to them). The U.S. doesn’t have data protection laws in the sense that we have them in Europe. GDPR won’t change that. GDPR changes the extra-territorial reach and the consent permission is stronger, the transparency position is stronger.

Mittelstadt: On the GDPR, I think it is very much a step in the right direction. If all this had happened after the GDPR had been in force, then it would be a much more interesting conversation about how supervisory authorities in Europe respond, for example by levying significant fines against Facebook for, essentially, letting users’ data be re-purposed without explicit and specific consent. The extent to which the stronger powers given by the GDPR will actually be used by regulators to fine or control tech companies is a very interesting question, too. We just don’t know yet.

This text first appeared on WikiTribune. The interviews have been edited for clarity and readability.

This post represents the view of the author and does not necessarily represent the view of the institute itself. For more information about the topics of these articles and associated research projects, please contact

Jörg Pohle, Dr.

Head of Research Program: Actors, Data and Infrastructures

Explore Research issue in focus

Du siehst eine Tastatur auf der eine Taste rot gefärbt ist und auf der „Control“ steht. Eine bildliche Metapher für die Regulierung von digitalen Plattformen im Internet und Data Governance. You see a keyboard on which one key is coloured red and says "Control". A figurative metaphor for the regulation of digital platforms on the internet and data governance.

Data governance

We develop robust data governance frameworks and models to provide practical solutions for good data governance policies.

Sign up for HIIG's Monthly Digest

and receive our latest blog articles.

Further articles

The image shows blue dices that are connected to eachother, symbolising B2B platforms.

The plurality of digital B2B platforms

This blog post dives into the diversity of digital business-to-business platforms, categorising them by governance styles and strategic aims.

The picture shows a hand with a pink glove and a cleaning spray, symbolising that this blog post wants to get rid of popular Science Myths.

Debunking Science Myths: Preconceptions about science put to the test

What is really true about preconceptions about science? Four popular myths about a constantly quarrelling group of professionals explained simply.

The photo shows a group of young people all looking on their mobile phones, showing that someone with No Smartphone is excluded and perceived as weird.

No Smartphone = Cringe Weirdo

In this blog post, author Jascha Bareis shares his experiences since getting his first smartphone just this year.