Ethical Dilemma

The number of cases involving immoral actions has increased across the globe which raises the importance of business ethics in corporations. Organizations focus on gaining a competitive advantage over their competitors by engaging in unethical mediums which raises the importance of compliance with corporate governance principles to ensure that companies consider the interest of all their stakeholders while taking business actions (Kubasek, Brenna & Browne, 2017). This essay will focus on evaluating the case of Cambridge Analytica scandal in which the privacy of millions of Facebook users was breached. This essay will identify the ethical dilemma which arises in this scenario and evaluates it based on two ethical frameworks which include Utilitarianism and Deontological ethical theory. The legal concepts relating to consumer protection will be analyzed in this essay to evaluate how Facebook has violated its policies. Three additional legal topics which apply in this scenario will be evaluated in this essay which includes corporate social responsibility (CSR), white collar crimes and cyber law.

In the Cambridge Analytica scandal, the private information of more than 87 million Facebook users was collected by a third party that was used in the 2016 US Presidential Elections to support President Donald Trump (Chang, 2018). The key ethical issue is whether companies should be allowed to collect private data of their users without their consent and allow third parties to access such information as well. If the technology companies are not able to protect the data of their users, then whether or not they should be allowed to collect it in the first place. Another ethical issue is the failure of Facebook to further ensure the security of its users which resulted in adversely affecting millions of individuals. Facebook failed to ensure that the security of its users is maintained and their data is not accessed by third parties for unfair practices (Hern & Pegg, 2018). The key ethical dilemma raised in this scenario was that the privacy of users was breached due to the actions of Facebook because it prioritized profitability about data security.

The ethical dilemma arose when Facebook launched a new program for its developers called Open Graph in 2010. It was a tool which can be used by third party developed to collect the data of Facebook users who use their application. However, the major issue with this platform was that developers could also access the data of the friends of Facebook users who have not used their application. An application was developed by Global Science Research called ‘thisisyourdigitallife’ which was launched in 2013 by the company (Valdez, 2018). This application creates a psychological profile of users who use the application by giving answers to certain questions. This platform was closed by Facebook in 2014; however, the data which was accessed by the companies were not recovered back. In 2015, it was reported that the data of Facebook was used by Cambridge Analytica to support the presidential campaign of Ted Cruz. Later, in 2017, it was further reported that around 50 million users were affected by a data breach in which their data was accessed to find potential Trump supporters in the 2016 US Presidential Elections. It was later reported by Facebook that more than 87 million users are affected due to this data breach (Chang, 2018).

Ethical Framework

A committee was established by the government of the United States to entertain this matter to evaluate whether the laws should be stricter to ensure the privacy of users. Mark Zuckerberg, CEO, Chairman and the Founder of Facebook, admitted that it was a mistake of Facebook that the privacy of its users was breached. He also promised to improve the privacy policies of the company to strengthen the security of its users. The Information Commissioner’s Office (ICO) in the United Kingdom imposed a fine of £500,000 on Facebook for its failure to protect the data privacy of its users (BBC, 2018). This is the maximum fine which can be imposed by the ICO; however, this is less than ten minutes income for Facebook. The shares of the company plummeted after this incident, and they continue to fall which resulted in causing substantial loss to the shareholders of the enterprise. After few months, Facebook was involved in another cyber-attack in which the hackers collected login details of more than 50 million users (Statt, 2018).

The first ethical framework is the Utilitarianism ethical theory which is also called Consequential theory. This theory is a part of normative ethical theory, and it judges the rightness and wrongness of a scenario based on its consequences (Kubasek, Brenna & Browne, 2017). This theory focuses on greater good for a greater number of people. As per this theory, the actions of Facebook are unethical. The company focused on increasing its profitability when it decided to implement Open Graph platform which shows that it focused on increasing its profits rather than security the privacy of its users. The consequences of this decision were resulted in violating the privacy of more than 87 million users. Moreover, the company continued to collect the data of its users after this incident without taking drastic measures to avoid collection of personal information such as political preference and others. Shortly after this incident, the database of the company was attacked again in which login details of 50 million users were breached (Valdez, 2018). The shareholders of the company also suffered negative consequences of this incident because the prices of the shares of Facebook plummeted quickly after this incident. Since happiness of a greater number of people was not achieved, the actions taken by the company and its executives are unethical.

The second ethical framework is the Deontological ethical theory which is also a part of normative ethical theories. This theory is opposed to the Utilitarianism ethical framework since it did not consider the consequences of a situation while determining its morality. As per this theory, the morality of a situation is based on rightness or wrongness of the actions of the parties rather than consequences of those actions (Broad, 2014). This theory evaluates the maxim of the party who is involved in the decision to determine why the actions were taken. As per this theory, the actions of Facebook are unethical. The company has breached its duties towards customers while taking business decisions. The decision to introduce Open Graph platform was unethical because the maxim of the company was to increase its profits rather than fulfilling its duties towards its customers to protect their private data. Moreover, the corporation also failed to ensure that the data which is collected through Open Graph platform is not being used for immoral purposes after its termination. Zuckerberg has also breached its duties as the CEO of the company because he did not take any actions to ensure that the personal data of users is secured after this incident (Cox, 2018). Since the duty is breached by the executives of Facebook, the actions taken by the company are unethical as per Deontology ethical theory.

Consumer Protection Discussion

In the United States, there is a range of laws which are implemented by both federal and state level governments to regulate consumer affairs. The objectives of these regulations are to protect the right of customers. The Federal consumer protection laws are implemented and enforced by the Federal Trade Commission, the US Department of Justice, the Food and Drug Administration and the Consumer Financial Protection Bureau (FTC, 2018). These laws protect consumers from unscrupulous business practices or consumption of any dangerous products. In the case of social media corporations, the consumers are their users who access and use their services for free. However, these services are not free because companies such as Facebook collects the private data of their customers to show them relevant advertisements, therefore, the users come under the definition of consumers. Facebook has to comply with these regulations while collecting the private data of its users. The Federal Communication Commission governs the Federal Communications Act which provides regulations for the use of customer proprietary network information (CPNI) (Bose, Gilpin, Agosti & Dang, 2016). Facebook also has to comply with the Children’s Online Privacy Protection Act of 1988 and the Fair and Accurate Credit Transactions Act of 2003 while offering its services to users.

Current regulations in the United States did not enforce organizations such as Facebook to notify their users in case their data is breached by their developers (Campbell, Goldfarb & Tucker, 2015). Therefore, Facebook did not notify its users that its privacy policies are violated by Cambridge Analytica in which private data of more than 87 million users was compromised. As the number of cases involving data breach attacks increases, the importance of stricter consumer protection laws is increasing as well. The ICO has implemented a fine of £500,000 on Facebook because the company failed to ensure the security of its users. However, this fine is nothing when compared to the revenue of Facebook which earn more than this amount in less than ten minutes. The California Right to Know Act is another good example which requires companies which collects users’ data to provide its users a copy of such data when requested (Sung, 2016). However, in the case of Facebook, most users were unaware that their personal information is being collected and stored by Facebook. The government established a commission to hear the case of Facebook to find out whether new regulations should be imposed on these companies to ensure that the privacy of users is maintained. However, a conclusion has not been achieved based on the commission to ensure that stricter regulations are imposed by the government on companies such as Facebook due to lack of data protection regulations.

CSR is referred to a business model which assists corporations in being socially accountable for their actions towards itself, stakeholders and the public (Huda et al., 2018). In the case of Facebook, the CSR model of the company was ineffective since it failed to maintain transparency in its operations. The executives of the company prioritized profitability about the interest of its users which shows that it has not adopted a stakeholder approach. The company failed to disclose to its users that their privacy is violated. Moreover, the corporation continued to collect the data of its users after the incident rather than changing its policies to avoid collecting private information such as political preference of its users. The company has violated its CSR policies which encourage its employees to keep data security above anything else. Therefore, the violation of CSR model resulted in adversely affecting a large number of people.

Additional Legal Topics

White-collar crimes are referred to criminal activities which are committed by people during the regular course of their business which includes crimes such as fraud, bribery, extortion, embezzlement and cybercrimes (Anello & Glaser, 2016). In this scenario, cybercrimes are committed by the executives of Facebook since they failed to prioritize consumer protection above profitability. During the everyday business executives, Facebook collects data of its users which include private information such as mobile number, political preference and others. The private data was collected without the consent of users because Open Graph platform enables developers to collect the data of those users who have not used their application but who are included in the friend list. Moreover, after the leak of data, Facebook sent a notification to all its users which included information which is collected by the company from its users. However, the process of collection of data was not stopped, and the corporation continued to collect the data of users which comes under the definition of white-collar crimes.

The cyber laws which are implemented by the government of the United States are not sufficient to keep up with the rapid changes in the technology field (Singh, Husain & Vishwas, 2014). Organizations such as Facebook are finding new ways to collect private data of their users, and they also find loopholes in the regulations to avoid legal penalties as highlighted in the case of Facebook. Due to the law of effective cyber laws which are focused on protecting the data of customers, appropriate punishment was not imposed on Facebook to enforce consumer protection laws. Moreover, the government was unable to stop Facebook from accessing and collecting the private data of its users ever after realising that the company is unable to protect the privacy of its users. Due to the lack of cyber laws, another 50 million users suffered breach of privacy after few months because hackers were able to steal their login information. Furthermore, the maximum penalty imposed by the ICO is less than ten minutes income of Facebook which shows that current cyber laws are not appropriate to stop major corporations from breaching the law. The government should introduce new cyber laws to ensure that these corporations are enforced to prioritize consumer protection above anything else, and they are taking appropriate measures to ensure the security of users (Coteanu, 2017).

In conclusion, the key ethical dilemma faced by Facebook in Cambridge Analytica scandal was that it failed to prioritize the privacy of its users which adversely affected more than 87 million people. After the incident, the company still did not learn its lesson, and it continued to collect private data of users, and after a few months, the login details of over 50 million users were stolen. As per the Consequential and Deontological ethical framework, the actions taken by Facebook and its executives were unethical. The company has also violated various consumer protection laws; however, these laws are not effective to impose appropriate penalties on the company. Facebook has violated its CSR model because it prioritized profits above customer protection which adversely affected millions of individuals. The executives of Facebook have committed white-collar cybercrimes by failing to ensure the security of its users. Current cyber laws are not sufficient to hold large companies liable for breaching consumer protection policies, and the government should make changes in these laws to improve the security of people.

References

Anello, R. J., & Glaser, M. L. (2016). White Collar Crime. Fordham L. Rev., 85, 39.

BBC. (2018). Facebook fined £500,000 for Cambridge Analytica scandal. Retrieved from https://www.bbc.com/news/technology-45976300?intlink_from_url=https://www.bbc.com/news/topics/c81zyn0888lt/facebook-cambridge-analytica-data-scandal&link_location=live-reporting-story

Bose, A., Gilpin, L., Agosti, J., & Dang, Q. (2016). The Veicl Act: Safety and Security for Modern Vehicles. Willamette L. Rev., 53, 137.

Broad, C. D. (2014). Five types of ethical theory. Abingdon: Routledge.

Campbell, J., Goldfarb, A., & Tucker, C. (2015). Privacy regulation and market structure. Journal of Economics & Management Strategy, 24(1), 47-73.

Chang, A. (2018). The Facebook and Cambridge Analytica scandal, explained with a simple diagram. Retrieved from https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-analytica-trump-diagram

Coteanu, C. (2017). Cyber consumer law and unfair trading practices. Abingdon: Routledge.

Cox, J. (2018). The Cambridge Analytica scandal has halted Mark Zuckerberg’s ‘presidential’ ambitions – for now. Retrieved from https://www.independent.co.uk/voices/mark-zuckerberg-cambridge-analytica-facebook-us-president-ambitions-personal-data-breach-a8266841.html

FTC. (2018). National Consumer Protection Week. Retrieved from https://www.consumer.ftc.gov/features/national-consumer-protection-week

Hern, A. & Pegg, D. (2018). Facebook fined for data breaches in Cambridge Analytica scandal. Retrieved from https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal

Huda, M., Mulyadi, D., Hananto, A. L., Nor Muhamad, N. H., Mat Teh, K. S., & Don, A. G. (2018). Empowering corporate social responsibility (CSR): insights from service learning. Social Responsibility Journal, 14(4), 875-894.

Kubasek, N., Brenna, B. & Browne, M. N. (2017). Legal Environment of Business, A Critical Thinking Approach (8^th ed.). New York: Pearson.

Singh, M., Husain, J. A., & Vishwas, N. K. (2014). A Comprehensive Study of Cyber Law and Cyber Crimes. International Journal of IT, Engineering and Applied Sciences Research (IJIEASR), 3(2), 20-24.

Statt, N. (2018). Facebook hacker stole login information for 50 million accounts. Retrieved from https://www.theverge.com/2018/9/28/17914524/facebook-bug-50-million-affected-security-token-access-view-as-feature

Sung, C. (2016). Deciding with Dignity: The Terminally Ill Patient’s Right to Information About the California End of Life Option Act. Hastings Const. LQ, 44, 89.

Valdez, A. (2018). Everything you need to know about Facebook and Cambridge Analytica. Retrieved from https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/