Big data and general elections: how has the American legislative scenario changed after the 2016 presidential elections?

Do you remember Cambridge Analytica?

The exploitation of the data of more than 87 million Facebook users, the election campaigns based on "microtargeting", whistleblowers, Mark Zuckerberg's testimony to the US Congress, the possible invalidation of Donald Trump's election in 2016 and the result of the Brexit Referendum...

It seems a long time ago, but can we say that we have left behind the problems behind the scandal that in 2018 arose around the British political and electoral consulting society? Not exactly, because the core of Cambridge Analytica's activities was based on a subject that is still debated today in its not being sufficiently legislated, namely that of Big Data.

Big Data that we all produce in abnormal quantities every day are collected (according to specific conditions and regulations of use), analyzed, processed and exploited in all the online activities with which we interface. Barack Obama was the first to make systematic use of them in the context of a political election, and since then their potential use has grown out of all proportion and has increasingly interested the dynamics and logic behind the election campaigns of political candidates around the world. In this sense investigating the link between politics and Big Data has been and is a source of debate, in a context where instrumental use of massive amounts of information can have significant consequences within our democracy, such as the manipulation of voters' thinking, as the case of Cambridge Analytica has shown.

In the face of growing public concern about the consequences that over-exploitation of digital users' personal data can have, it seems necessary that regulatory action be taken both by technology companies and by national and international legislative bodies.

So let's ask ourselves, have governments and Big Techs put forward a concrete solution to this demand for transparency? And if so, how confident can we be that in the United States in 2020 these risks related to Big Data have been fully mitigated?

The turning point of Facebook's "data policy"... more or less

In developing a system of "behavioral microtargeting", the foundation of Cambridge Analytica's work for years was based on aggregated data bought from specific "brokers". This is the case of Aleksandr Kogan. A researcher at the University of Cambridge, Kogan contributed to the success of the British Society by selling a huge amount of Big Data collected on Facebook thanks to the "thisisyouridigitallife" App, which works quite simply. Based on their online digital activity, users registered to the App would receive a detailed psychological profile of their person, while consenting to the release of the information contained in their profile.

It was the sharing of such information with third party companies, and not the practice of data collection itself, that constituted a violation of Facebook's rules and regulations, in fact at the time completely lawful and in line with the conditions of use of the platform. This provision, which allowed a disproportionate collection of information without any criteria of transparency towards users, together with a superficial control that the rule of non-shared data had been respected, represented the nerve center of the scandal and the subsequent process.

Mark Zuckenberg was called to the US Congress for a parliamentary hearing on the matter. On that occasion, the CEO admitted the mistake and promised the American citizens more control and security. Also through the use of specific artificial intelligence tools, Zuckenberg announced that more in-depth investigations would be carried out on the thousands of Apps of the platform for the detection of suspicious activities, which would be banned and directly warned of all users whose privacy may have been violated. According to Zuckenberg, particular attention would be paid to the use of users' personal data in the vicinity of campaigns and political elections.

So how is Facebook's data policy structured today?

Obviously Facebook, like Instagram and WhatsApp, continues to collect and use its users' data as they are the foundation of the products and services that the platforms offer. The terms of use can be found here. With particular reference to content sharing with Third Party Partners, Facebook explicitly states "We do not intend to sell your personal information to third parties, neither now nor in the future. On the other hand there is Twitter, which has taken the firm decision to abolish any advertising for political purposes from its platform, at least until a proper strategy has been developed to better regulate the issue.

Clearly the Cambridge Analytica case has shown the full extent of the shortcomings of such management and has weakened Facebook's credibility, also showing that the regulations of a private company are probably not enough to control an issue as big as the management of the privacy of millions of citizens, which leads us to another question: since 2016, how has the US legislation on Big Data changed?

The first movements within the American Congress: what has been done to change the Big Data Act in the USA?

The right to privacy is not a right directly expressed in the American Constitution. Despite this, the Supreme Court and several legislative acts in force to justify measures in the field of privacy, have often referred to the Ninth Amendment, which protects the individual rights of the citizen as not fully explained in the Constitution.

Certainly important legislative foundations in the area of privacy are the Federal Trade Commission Act of 1914, the Health Insurance Portability and Accountability Act of 1996, the Fair Credit Reporting Act of 1970, the Family Educational Rights Act and the United States Privacy Act of 1974. But the bottom line is that there is still no targeted legislation at the federal level that sets data privacy standards.

However, some steps have been taken in several federal states, which in the complex U.S. legislative system, while it may create a fragmentation of the law, it may also pave the way for similar legislation in this area, especially given the size and commercial economic role of the state in question.

In this regard, the first to have created a robust privacy law was the State of California, with the California Online Protection Privacy Act (CCPA) of 2004. Still in force today, although amended in 2014, provides that any commercial online site has a privacy policy, in accordance with specific legal requirements, with the aim of informing users of how their data is used. Other states such as Oregon, Alabama and Delaware have recently moved in this direction.

What happened in the US Congress after the Cambridge Analytics scandal?

It must be admitted that the U.S. Congress and the classrooms of the Federal Trade Commission, the U.S. agency established to protect consumer rights, in recent years have increasingly hosted discussions on issues of Big Data Legislation. Particular attention has been paid to the Data Security and Breach Legislation, originally proposed in 2014 by Democrats, which is still under discussion at the federal level to require companies and administrations to notify consumers or citizens if their personal information is violated. All this within a regulated standard IT security system that would ensure continuous control over how users' personal data is handled.

In general, therefore, yes, some work has been done and the federal legislative process takes time, but there is still a long way to go to a federal legislation that harmonizes the different approaches of the federal states to the issue and that legislates in an organic way an issue that is becoming increasingly relevant to the society in which we live.

In this respect, the United States would do well to keep an open eye towards the European Union. Drawing from a very peculiar history in the field of privacy and control of citizens, Europe has in fact advanced in 2018 a structured and consistent legislation on Big Data. The entry into force of the GDPR (General Data Protection Regulation) has seen the European Union tighten the rules on privacy for both public administrations and private companies, thus raising international standards for the protection of personal data.

And at this round? How much is the use of Big Data affecting the US 2020 presidential race?

Recently Christopher Wylie, the famous computer expert and whistleblower at Cambridge Analytica, has warned several times that the Big Data models used by CA (and therefore the foundations of the illegal activities carried out) still exist today. Wylie thus confirmed that, although there has certainly been intense public debate, there is still a long way to go in the United States to achieve a sufficient level of protection of citizens' personal data.

Equally concerned was Brittany Kaiser, former Director of Business Development at Cambridge Analytica, who has become a whistleblower, a political activist on Big Data and Co-Founder of the Own Your Data Foundation. Kaiser describes an even worse scenario than 2016 where markets for "brokering" user data to external companies not only did not stop, but multiplied.

So the question we need to ask ourselves is: how much are the dynamics that potentially favored Donald Trump's election in 2016 affecting the 2020 presidential race?

Despite whistleblowers' statements, assistants to the President in 2016 and 2020 denied and still deny using Facebook data held by Cambridge Analytica for their election campaigns. However, the fact that Donald Trump chose Matt Oczovsky, former product manager at Cambridge Analytica, to oversee the data program for the current election campaign certainly did not give good signals, and indeed alarmed the President's opponents and critics.

To sum up.

The vote on November 3 is an important test to quantify the legislative and - within certain limits - moral changes that have occurred after the scandal that exploded in 2018. Certainly linked to the big data issue are the famous "fake news" and the great debate about whether and how private digital platforms such as Facebook or Twitter should handle such online misinformation and how online advertising for political campaigns can get to manipulate voters and polarize public opinion. Unfortunately, we cannot go into this.

There are many open scenarios, specific regulations are still missing both at the level of technology companies and at the level of national law, making it very likely that cases such as Cambridge Analytica are still heard about.

So, what can I do?

It is normal to feel powerless in the face of such large and radical phenomena, and it can be instinctive a feeling of regurgitation towards digital and technology. But this does not eradicate the problem; it just risks neglecting the many opportunities and advantages that the Web and Social Media offer for problems that we are not defenseless.

There is civic and political activism, but even before that there is the action of the individual in understanding the dynamics of an increasingly digitalized society in order to manage it with consciousness.

Cultivating one's own "digital literacy", informing oneself about one's rights on the Web and how one's data is managed is already an extremely important first step to become aware online users, and therefore more aware citizens. This is where it begins.

Translated by Noemi Monaco

The sources used for this article are freely available:

Share the post

  • L'Autore

    Giulia Geneletti

    Laureata con lode in Scienze Politiche presso l'Università degli Studi di Milano, curiosa, intraprendente e sempre motivata da nuove avventure ed esperienze. Ha svolto diverse esperienze lavorative, formative e di volontariato in Italia e all'estero. Si interessa di politiche pubbliche, relazioni internazionali, comunicazione politica, affari europei e di consulenza.
    Giulia è entrata nella community di Mondo Internazionale nel Giugno 2019 ed ha da allora ricoperto diversi ruoli sia di redazione che di direzione. Ad oggi è Direttore di Mondo Internazionale HUB, all'interno del quale ha dato vita al progetto di MIPP, l'Incubatore di Politiche Pubbliche di Mondo Internazionale.

    Graduated with honors in Political Science from the University of Milan, curious, proactive and always motivated by new adventures and experiences. She has had several work, training and volunteer experiences in Italy and abroad. She is interested in public policy, international relations, political communication, European affairs and consultancy.
    Giulia joined the Mondo Internazionale community in June 2019 and has since held various editorial and management roles. To date she is Director of Mondo Internazionale HUB, within which she gave life to the project of MIPP, the Public Policy Incubator of Mondo Internazionale.


From the World North America Sections International Security Cybersecurity Society Law Politics


Cambridge Analityca Privacy Big Data USA2020 Elections Legislation

You might be interested in


Remotely piloted aircraft. What are the legal challenges for the EU in terms of security and data protection?

Fabrizio Valerio Bongiorno

The californian race to the gold of sensitive data


Big Data and Health; when big stands for great

Andrea Radaelli
Log in to your Mondo Internazionale account
Forgot Password? Get it back here