Marking 20 years
of bold journalism,
reader supported.
Science + Tech

Seven Myths About the Facebook Data Scandal

And why Canadian politicians are far ahead of their US counterparts in understanding how social media works.

Bryan Carney 26 Apr

Bryan Carney is director of web production at The Tyee.

Parliament's Standing Committee on Access to Information, Privacy and Ethics launched its probe of the recent Facebook data scandal last week with two publicly broadcast hearings. So far the committee has created far less viral video potential than the U.S. congressional equivalent the week before.

And this is a good thing. Because one of the most shared clips from the U.S. hearings was set to fitting tuba music from an era suited to the Senate committees ranking members, who were an average of nearly 80 years old.

By comparison, the Canadian MPs in the parliamentary committee (who averaged a not quite digital-native 54 years old) seemed very well-versed on the history of the Cambridge Analytica case, the nature of Facebook's business model, and the questions that immediately preceded their own. They did not merely read without looking up from written words they seemed to be encountering for the first time in their lives. They did not cause Zuckerberg's Canadian stand-in, Kevin Chan, to stare blankly in disbelief for a few seconds before dignifying questions he might have already answered five times in five ways.

They did not demand that Facebook compare itself to two competing car companies, ask (with dismay) how on earth the company intends to make money from a free service like Facebook, or grill Chan about "emailing" in WhatsApp.

Aside from a couple of digs by Conservative MP Peter Kent about the Liberal party's association with Cambridge Analytica whistleblower Christopher Wylie and inaction since "our Conservative government" implemented the Personal Information Protection and Electronic Documents Act, there was comparatively very little partisan posturing in the tri-partisan Canadian committee. By contrast, the U.S. hearings, practically every Republican questioner got in a statement-as-question to suggest Facebook was biased against politically conservative blogs and that Obama was as guilty as Trump of abusing the platform.

But as with the politicians in the committee in the U.S., however, none of the Canadian politicians have backgrounds or expertise in data or IT. We have not yet reached the day where there are geeks to choose from among MPs for such a committee. A tech-savvy leader with governmental qualities is more likely to be working for Facebook, which, like many tech giants, is providing services that are looking more and more governmental. And this may be a problem given the emerging need for understanding and regulation of increasingly essential services provided by these companies.

The members of the Standing Committee on Access to Information, Privacy and Ethics.

Nonetheless, honest workers in Canadian tech can likely be less anxious than in the U.S., where tech should be very fearful of any policy produced by the Senate committee, the members of which might have also once drafted regulations on another disruptive technology called "the telegraph."

The Canadian parliamentary committee was well-briefed and had a better format with fewer strict time limits on questions, including most crucially, a session with a neutral expert separate to the Facebook hearing. It was distinctly more Canadian — the MPs apologized for cutting off Chan, saying more than once, "I don't mean to be rude," and alluding to upcoming votes they had to attend.

They also extracted valuable information from data breach expert Chris Vickery of Upguard, whose discoveries of data stores left open by mistake have given us the best insights about the workings of Cambridge Analytica and its ties to Victoria-based Aggregate IQ. They made use of the additional information provided by this expert to grill Facebook far more effectively than the American committee did.

Still, most of you were likely to watch, or have heard about, the U.S. hearings compared to its Canadian counterpart, and that means you're likely to have picked up a few misconceptions that surfaced in that broadcast. So let's bust seven myths about the Facebook data scandal:

1) No, Facebook did not sell your data to Cambridge Analytica or Aggregate IQ or the BC Greens.

Facebook wishes it had done so because it would have made a lot more money and would have cut out the middlemen who are causing Facebook so much trouble. In fact, the social media giant freely gave away your information to app developers who needed that data to make their apps work. Facebook did formally forbid such data sucking but did nothing technically to prevent it from happening.

The data can be easily exported out of Facebook as long as an app developer pinky-swears, via terms of service agreements, they won't do anything evil and will erase it later if the user or Facebook asks them so (in their defence, many app developers had fingers crossed on their other hand, negating the pinky-swear).

2) No, Cambridge Analytica and related pages did not send Facebook ads customized to each user.

Unfortunately, you aren't quite that special. The Facebook ad platform enables targeting based on specific criteria, such as what you like, your age, where you live and your likely interests based on your activity. It does not deliver an ad to any specific person explicitly — ads are shown to everyone in whatever category you find yourself in. The revelations in Upguard's analysis may indicate that targeting was quite precise, however, which theoretically could enable a target group of one.

But ads aren't what Cambridge Analytica and unrelated trolls the world over did best — their forte was to create regular posts on troll accounts and messaging on pages knowing they would appeal to certain people. The messages were likely based on more sophisticated analysis done on data yanked from Facebook and elsewhere. They could then count on Facebook's algorithms to boost that heavily liked content to the top of news feeds, for free.

3) It's not a breach.

Some of the leading hashtags in social media about the Facebook data scandal are #FacebookDataLeaks and #FacebookDataBreach. They're both wrong: nobody breached or gained unauthorized access to any system.

This is important because it highlights that fact that many thousands of applications on Facebook besides Cambridge Analytica's "My Digital Life" used completely normal app abilities and guidelines to get at people's Facebook data — and that includes getting your data when a Facebook friend of yours used the app. Facebook's app instructions told them exactly how to do so.

4) It's not a leak.

If Cambridge Analytica leaked this data, the implication based on the most common technical usage is that it would have been given to the press or the security community or a white-haired combination of the two in an Ecuadorian embassy in London. We would have had this crisis in 2015 and perhaps different election outcomes. Cambridge Analytica kept the information it gleaned from Facebook locked away for its own purposes.

5) No, Facebook did not fix the problem in 2014.

Facebook alerted developers in April 2014 that the ability by app developers to grab information from Facebook members using their friends list would soon be retired. "Soon" meant in a year — April 2015 — when Facebook ended the ability to use the first version of its app software galled "Graph API." It then made it a bit harder to get detailed information about friends that hadn't also installed the app. But as The Tyee reported and later The Telegraph in England echoed, friends' names and profile pictures were still being handed over from app users until April 4 when Facebook quietly shut down that capability.

6) No, you won't only be tracked on websites where you click a Facebook "like" icon.

Sorry, but you've already been tracked. As Zuckerberg admitted to the U.S. Congress, you don't need to be logged into your Facebook account anymore to have data about your browsing captured.

7) No, Cambridge Analytica's app "My Digital Life" did not "scrape" a bunch of data from Facebook users.

It would have been much harder if it had. Though the term has been used improperly more often than not by both U.S. and Canadian politicians, "scraping" is a specific technical term that refers to fetching data from normal web pages that you and I visit on our browsers. Bots can pretend to be humans and pull data using sophisticated filters to turn it into databases that are more computer-friendly.

"My Digital Life" merely fetched the data in a completely run of the mill way, following Facebook's clear guidelines that told the app how to do so in a nice database-friendly format.

And there you go, a few myths busted.

The Standing Committee on Access to Information, Privacy and Ethics is expected to determine over the course of the two-week probe, launched last Thursday, if a broader study is required.

Notable progress is that Facebook has agreed to register as a lobbyist in Canada. The company initially claimed it does not meet the required threshold after a grilling by NDP MP Charlie Angus during the first recorded session.  [Tyee]

Read more: Politics, Science + Tech

  • Share:

Get The Tyee's Daily Catch, our free daily newsletter.

Tyee Commenting Guidelines

Comments that violate guidelines risk being deleted, and violations may result in a temporary or permanent user ban. Maintain the spirit of good conversation to stay in the discussion.
*Please note The Tyee is not a forum for spreading misinformation about COVID-19, denying its existence or minimizing its risk to public health.


  • Be thoughtful about how your words may affect the communities you are addressing. Language matters
  • Challenge arguments, not commenters
  • Flag trolls and guideline violations
  • Treat all with respect and curiosity, learn from differences of opinion
  • Verify facts, debunk rumours, point out logical fallacies
  • Add context and background
  • Note typos and reporting blind spots
  • Stay on topic

Do not:

  • Use sexist, classist, racist, homophobic or transphobic language
  • Ridicule, misgender, bully, threaten, name call, troll or wish harm on others
  • Personally attack authors or contributors
  • Spread misinformation or perpetuate conspiracies
  • Libel, defame or publish falsehoods
  • Attempt to guess other commenters’ real-life identities
  • Post links without providing context

Most Popular

Most Commented

Most Emailed


The Barometer

Are You Concerned about Your Municipality’s Water Security?

Take this week's poll