Over 60 thousand Kiwi Facebook users' data has been compromised by the Cambridge Analytica misuse of data scandal.
The Greek myth of Scylla and Charybdis tells of the story of how the Greek King Odysseus was forced to sail his ship through a narrow strait flanked on one side by a ragged rock shoal, described as a six-headed sea monster, and a ferocious whirlpool on the other. Forced to choose one of these two horrors, Odysseus steered his boat toward the rock, sacrificing many of his crew but saving his boat in the process.
This dilemma gave rise to the popular phrase 'between the devil and the deep blue sea' – and this is pretty much where New Zealanders find themselves in the context of the current stoush between Facebook and the Privacy Commission.
On the one hand, you have a powerful independent company controlling servers filled with user data and on the other, you have a government organisation eager to gain greater control over how that data is used.
In light of the recent Cambridge Analytica scandal, it would be easy to side with the government as the great protector of Kiwi privacy and call for greater control of Facebook's activities.
There certainly is validity to this – so much so that even Mark Zuckerberg offered what appears to be a riddle in saying: "I'm not sure we shouldn't be regulated."
This regulation could, however, have major repercussions well beyond the Cambridge Analytica scandal and even Facebook. Indeed, legislative decisions of this calibre shouldn't be made high on emotion and as a knee-jerk reaction to the tarnished reputation of a major player.
The stoush between Facebook and the Privacy Commission arises from a request by the Privacy Commissioner for access to private messages sent between users. Picture / AP
The stoush between Facebook and the Privacy Commission arises from a request by the Privacy Commissioner for access to private messages sent between users, which may have contained defamatory remarks about the complainant.
Facebook declined to provide access to this information, arguing New Zealand privacy law doesn't apply to this case because its data is managed in Ireland. The Privacy Commission responded by naming and shaming the company for having breached the provisions of the Privacy Act.
Privacy Commissioner John Edwards has been adamant that the breach notice had nothing to do with the Commission's desire to "trawl through Facebook users' accounts" and that it's rather about ensuring that Facebook abides with New Zealand law given it counts more than 2.5 million New Zealanders as users.
Facebook sees things differently. While the company has sheepishly apologised after the Cambridge Analytica scandal, it has not backed down in this instance, with the company's global deputy chief privacy officer Stephen Deadman going as far as to suggest that handing over the information requested would have violated the data protection rights of the New Zealand citizens involved.
Facebook isn't alone in refusing to provide data to a government organisation under controversial circumstances. In the aftermath of the San Bernadino shooting, investigators asked Apple to hack into the phones of the perpetrator in the hope of gaining information about any co-conspirators that may have been involved.
Apple CEO Tim Cook declined when investigators asked Apple to hack into phones on the principle that it would set a precedent. Picture / AP
Controversially, Apple CEO Tim Cook declined on the principle that it would set a precedent giving the US government "power to reach into anyone's device to capture their data".
"Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the US government," Cook said.
Of course, there will always be those who welcome such measures on the principle that they "have nothing to hide" and that it protects them from the real baddies.
Data security activist Edward Snowden has long asked those who make such claims to hand over their social media and email account passwords to prove the point that there are very few of us who would be happy to have our private conversations shared with anyone else. It's also notable that Snowden has long been deeply concerned about governments' surveillance of their citizens.
This is not to say that this privacy commissioner or this government would ever use their power to extract private information from users' social media accounts. And while we might trust this government, can we trust the next one, the one thereafter or the one after that?
Mark Zuckerberg offered what appears to be a riddle in saying: "I'm not sure we shouldn't be regulated." Picture / AP
These questions are important to ask right now because there is currently a bill that has been put forward proposing an increase of the powers of the Privacy Commission by enabling it to impose a fine of up to $10,000 against organisations that breach the rules set out in the Privacy Act.
Privacy Commissioner Edwards has openly stated that he wants this to go even further so that it gives his office the power to impose fines of up to $1 million – particularly when dealing with big multinational firms flush with cash.
Edwards' timing of the breach notice, almost-melodramatic deletion of his Facebook account and strong-worded op-ed go a long way toward casting Facebook in the role of the villain in this instance.
But things aren't that easy in the data debate. And in veering as far away as possible from the six-headed beast that Facebook now represents, we potentially risk sailing straight into a churning whirlpool entirely of our own making.
