How To Protect Your Personal Data On Facebook & Other Apps After The Cambridge Analytica Scandal

By now, you've likely heard about the story that Cambridge Analytica, a British data mining firm with ties to Donald Trump's 2016 presidential campaign, allegedly harvested the user data of more than 50 million Facebook profiles without users' permission. Facebook founder Mark Zuckerberg posted an extensive timeline of the situation on the platform today, outlining how the firm got access to this data and the steps Facebook is taking to make sure it doesn't happen again. But by now, you might be wondering how you can protect your personal data on Facebook and other sites and apps.

In Zuckerberg's statement, he outlined three steps that Facebook is going to take moving forward in order to improve your control over your data: "investigate all apps that had access to large amounts of information" before 2014, when the platform changed how apps could access data, restrict developers' access to your data, and improve transparency about how your data is available and to whom. But as Paris Martineau, writing for The Outline, put it, "[d]ata negligence isn't a Facebook problem; it's an internet problem." The fact is, the websites and apps you use have access to a ton of your personal information, and according to a 2017 study, about 70 percent of smartphone apps share your personal data with third-party companies, some of which, the researchers behind the study wrote in Scientific American, send your data to countries without stringent privacy laws.

Justin Sullivan/Getty Images News/Getty Images

If you're wondering how on earth the people behind your apps are allowed to do that, well... you gave them permission. And therein lies the No. 1 way to protect your data. "No one reads the terms of service" is a dead-horse-beating joke at this point, but it has a kernel of truth. Many of us at best skim, and at worst, just click Accept and move on to using the service.

Runa Sandvik, director of information security for The New York Times, said in a New York Times story that people "rarely" read the terms of service, and that "to avoid a privacy pitfall [...] start perusing the terms and pay particular attention to the privacy policy. If you see language that suggests your data could be shared in a way that makes you uncomfortable, opt against using the service." The Outline notes that terms to watch out for include language like "claiming that data may be given to 'third parties,' and data permissions may be allotted to those who qualify as 'third-party service providers.'"

The only problem with that is, of course, that the majority of apps you use will contain this kind of language in their terms of service, and it isn't feasible to simply stop using them wholesale. As someone who went to two colleges and then moved to another country, Facebook is still a useful way for me to keep in contact with folks I don't necessarily text every day, but still care about. As many others have pointed out, Facebook practically functions as the internet for people across the world, making deleting it not only impractical, but a question of privilege. Moreover, apps that we consider essential, such as ride-hailing services or even our email, more often than not contain these terms. For people who simply can't or don't want to stop using these services, there isn't a way to escape the risk of personal data being shared.

If you're not willing to give up using sites or apps entirely, then you should be sure you're reading the terms of service, and also be sure you know how those apps are sharing your data. For example, with Facebook, you should check to see what outside apps you've logged in to through your Facebook account. They'll all be listed under the Apps page on your Settings menu, and it's absolutely worth checking out that page. (For reference, I'd been aware of this service for a while, but still found this morning that I was logged in to 44 outside apps through my Facebook, despite thinking I'd been vigilant in not using them.)

In the end, wiping your accounts at apps and websites and staying off them forever is unfortunately the only truly ironclad way to be sure your personal data is secure. But in an increasingly digital world, that's becoming less and less of an option, which puts the onus on companies to ensure users' data is safe.