The world has just learned how a data analytics firm, Cambridge Analytica, harvested the data of 50 million Facebook users and used that information to feed strategies such as ‘behavioural microtargeting’ and ‘psychographic messaging’ for Donald Trump’s presidential campaign in the U.S. Chris Wylie, a former CA employee-turned-whistle-blower, set off a storm (move angrily or forcefully in a specified direction) with revelations of how the company had deployed (bring into effective action) a ‘psychological warfare’ tool for alt-right media guru Steve Bannon to try to sway (control or influence (a person or course of action)) the election in Mr. Trump’s favour.

CA chief executive Alexander Nix, who was suspended a few days ago following an undercover report by a British TV broadcaster, said the company has used other dubious (hesitating or doubting) methods in projects worldwide — including honeytraps (a stratagem in which an attractive person entices another person into revealing information or doing something unwise)  to discredit clients’ opponents. The combination of using personal data without consent and tailoring slander (make false and damaging statements about (someone)) campaigns (work in an organized and active way towards a goal) , fake news and propaganda to discovered preferences of voters is a potent and corrosive cocktail. Facebook has said its policies in 2014, when a personality profiling app was run on its platform, permitted the developer to scrape (copy (data) from a website using a computer program) data not only from those who downloaded the app but also from the profiles of their Facebook ‘friends’.

Yet it did not make sure the data were destroyed by the app’s developer Aleksandr Kogan, a Cambridge University academic, nor by CA itself when it came to light that Mr. Kogan had sold the data to CA, a third party. Facebook founder and CEO Mark Zuckerberg has offered an apology and expressed willingness to cooperate with inquiries and potentially open up Facebook to regulation.This episode has brought to light several issues that need to be addressed. First, companies have been collecting data and tailoring marketing campaigns accordingly. The issue here is particularly prickly (ready to take offence) because politics and elections are involved. Second, regardless of whether what Facebook and CA did was legal or not, something is broken in a policy environment in which the data of millions are taken and used when only 270,000 people knowingly or unknowingly gave consent (give permission for something to happen ; allow).

Third, technology is evolving at a rapid pace, raising the question whether laws need to be reframed mandating an opt-out approach universally rather than an opt-in approach. Individuals often share their data without being aware of it or understanding the implications (involvement ; connection) of privacy terms and conditions. Fourth, there must be clear laws on the ownership of data and what data need to be protected. Personal data cannot be the new oil. Individuals must own it, have a right to know what companies and governments know about them and, in most cases, that is, when there are no legitimate (conforming to the law or to rules) security or public interest reasons, have the right to have their data destroyed. The CA issue is a wake-up call for India; the government is still dragging (protract something unnecessarily) its feet on framing a comprehensive and robust data protection law.