'Facebook is working to prevent another Cambridge Analytica': Rob Sherman

In a select media roundtable, Rob Sherman, Deputy Chief Privacy Officer at Facebook spoke about what the social media giant is doing to 'avoid another Cambridge Analytica'. 

For close to a year now, data privacy and security have been the hot topics. And Facebook took most of the heat with the Cambridge Analytica issue. 

While data is collated and collected in different forms, by itself it serves no purpose. It needs to be analysed, categorised, understood and interpreted for it to be of any use. Having said that, it is this analysing, categorising, understanding and drawing interpretations that landed companies such as Facebook in a fix. 

Cambridge Analytica and its alleged manipulation of electoral processes put the spotlight on India, especially now that the world’s largest democracy is due for general elections early next year.

To clear the air on the Cambridge Analytica issue, and how serious the social networking company is about data privacy, Facebook’s Rob Sherman spoke to select media, including YourStory, in Bengaluru on the steps taken by the social-media giant to ensure data remains private and users have absolute control over it. Edited Excerpts: 

YourStory: Post Cambridge Analytica, how important is data privacy for Facebook?

Rob Sherman: A couple of weeks ago, I did a data privacy session in Bengaluru and Delhi with the civil society, looking at the best practices for privacy. We are trying to bring expertise to the table, to hear from experts outside the company about what we should be doing and ideally the goal is to develop learnings that can help Facebook. We also realise that privacy is very individual. Different people will have different ideas about privacy, and our approach there is to make it easier. 

YS: As innovation and technology improve, you are accessing more and more of our data. How do you build a policy and look at privacy from a futuristic perspective? 

RS: As technology evolves, people are more focused on privacy and are becoming more sophisticated in thinking about what they want. It’s good that people are becoming more aware. Also, as technology evolves, there is going to be new benefits and data will be used in a way that may not be very beneficial.

A part of it is going to be transparent about how organisations are using the information. Organisations have an individual responsibility. It’s not right to put all the responsibility on people and say that you have to make all the choices for yourself. 

It's important to think broadly about what responsibility looks like and how to think about the future outcomes, particularly when it comes to legislation. We often think about the outcomes of technologies - if somebody uses Artificial Intelligence (AI) in a telephone, we are looking at that outcome. 

YS: Election is a sensitive time for most technology companies. How are things working and playing out? 

RS: We have seen the power of Facebook and social media platforms to promote people’s ability to engage and there’s a lot. We have seen people share information - we have built a cross-functional team that is focused on election integrity and making sure we work with governments and other stakeholders around the world.

When I spoke about the steps I am taking as an FB service to build better communication control, one of the things that has been a significant focus for the company is also thinking about third parties - ensuring that we build a robust process to make sure that something like Cambridge Analytica can't happen again.

YS: What are your learnings from the past year?

RS: One of the things we learnt was doing a better job with Facebook’s privacy. We need to do more, communicate the choices we make about how we build privacy products and what our privacy policies are. Asking for these things is basically asking for feedback and hearing what people want us to do. 

YS: With data privacy legislations becoming important, what is Facebook’s inputs on this? 

RS: Like I said, everybody has the right to privacy and legislation will addresses the power companies hold over people’s information. There is a lot of discussion on what the right approaches are. But I think there is a real opportunity for leadership in India to communicate through new models of privacy that recognise the need for strong privacy limits and empower people. 

We are trying to do a lot more to talk to experts - society, industry and the government. Some of the conversations we have had with experts has been about how we can build services that recognise the unique context we have.

YS: Are you open to building different storages for data? 

RS: We are working around different ways to see how localisation can work for global companies without impacting too much, especially in terms of cost and other factors. But we feel there can be a solution that can work for both. 

YS: What about companies and advertisers using data? 

RS: Another area where we get a lot of questions is around advertising and how we use information for advertising. Our philosophy is to protect people’s information. Sometimes, we are asked if we are selling people's information or not. We have created a model where advertisers can come to us and ask us for information so that they can deliver the right ad to the right person. We do it without sharing the information with the advertisers. 

YS: How does that work? 

RS: So whenever you see an ad on Facebook, you have the ability to ask “Why am I seeing this ad?" The next screen will actually give you the information about why you are seeing the particular ad. You have the ability to say: "I don't want to see this ad." There are other controls as well. 

YS: How do you think privacy will work for FB? 

RS: Privacy is hard to define. It is different for different people. But privacy is also central - each one of us needs to have privacy control and information in some way. So a lot of what we think about is letting people make choices and also being responsible. We are setting standards to make sure that everybody across the ecosystem is looking up to the standards. 

YS: How does it work? 

RS: The perspective that we have, and we are going to talk a little bit about here, is where we are investing - building better data policy, setting control, education, and the steps we are taking to achieve this. We are investing heavily on privacy at Facebook, and one of the changes we have made is that people who are working on privacy are centralised. It is about building new features to help people control their information and also building the backend engineering and infrastructure to make sure people’s information stays protected. 

Before that, privacy is still under control. One way we can capture that is by building controls that let people easily make choices about who they are sharing with and what they are sharing.

YS: What are the key tenants?

RS: We are focussed on how we are collecting information and here's how we are using it. We have redesigned our policy to be easier to read, but also to generate answers. So it’s answering in human-readable language. People shouldn't have to go and look at our privacy policy to get information. 

Earlier, there used to be 40 different choices in different parts of Facebook concerning privacy. What we have tried to do now is redesign the setting page and made it easy to see all those settings - it’s all buckled in an easy to understand page. 

Another thing we have done is built a centralised space for people to learn about their privacy - this is redesigned as privacy shortcuts so that people get access to all the important privacy choices in one place. Things like making the account more private - all of that is now available in one place. 

(With inputs from Debolina Biswas and Apurva P)