Abdulhakim Bashir

Logo

My E-Portfolio based on work carried out on my Msc Program on Artificial Intelligence and Machine Learning at the University of Essex.

← Back to RMPP Module

Reflective Activity 2: Case Study: Inappropriate Use of Surveys

Introduction

This analysis examines three cases of inappropriate data collection practices, Cambridge Analytica (2018), TikTok (2021-2023), and Amazon Ring (2020-2023), to reveal systemic failures in consent mechanisms and highlight the need for robust professional standards in digital survey research.

Case Study 1: Cambridge Analytica - The Trojan Horse of Academic Surveys (2018)

The Mechanism of Deception

Cambridge Analytica’s data harvesting operation exemplified how legitimate research methodologies can be weaponized for political manipulation. Dr. Aleksandr Kogan, operating through his company Global Science Research, deployed a seemingly innocuous Facebook application called “This Is Your Digital Life” that presented itself as an academic personality survey (Confessore, 2018). The app paid approximately 320,000 users small amounts to complete psychological questionnaires, but Facebook’s API permissions allowed access to participants’ entire social networks, ultimately harvesting data from 87 million users without their knowledge or consent.

The survey design itself was methodologically sound, employing established psychological assessment tools. However, the true purpose was nocalt academic research but commercial data mining for political microtargeting. Christopher Wylie, the Cambridge Analytica whistleblower, revealed that the collected data enabled the creation of “psychographic profiles” used to influence voters in the 2016 US presidential election and Brexit referendum through targeted disinformation campaigns (The Guardian, 2018).

Impact Analysis

Ethical Implications: The case violated fundamental research ethics principles, particularly informed consent and purpose limitation. Participants consented to academic research but their data was used for commercial political manipulation. The non-consenting 87 million users whose data was harvested through social network connections had no awareness of data collection whatsoever.

Social Implications: The scandal undermined public trust in both academic research and social media platforms. It demonstrated how personal data could be weaponized to manipulate democratic processes, contributing to widespread skepticism about data-driven political messaging and online research participation.

Legal Implications: The Federal Trade Commission fined Facebook $5 billion, the largest privacy penalty in US history at the time. Cambridge Analytica was found to have engaged in deceptive practices, violating consumer protection laws. The scandal catalyzed global privacy legislation, including enhanced enforcement of GDPR in Europe.

Professional Implications: The case exposed critical gaps in academic research oversight for digital platforms. It highlighted how traditional Institutional Review Board (IRB) processes were inadequate for assessing the risks of social media research and established the need for enhanced ethical training for researchers working with digital data.

Case Study 2: TikTok’s Covert Data Harvesting (2021-2023)

The Scale of Surveillance

TikTok’s data collection practices represent a more systematic approach to user surveillance disguised as platform functionality. Research revealed that TikTok collected extensive personal data including location information, device identifiers, browsing history from external websites, and even keystrokes entered within the app’s browser (Consumer Reports, 2022). The platform particularly targeted children, collecting data from users as young as six years old without parental consent.

Unlike traditional surveys, TikTok employed “invisible” data collection through algorithmic analysis of user behavior, facial recognition technology, and cross-platform tracking. This created what researchers termed “ambient data collection” continuous surveillance masked as personalized content delivery.

Impact Analysis

Ethical Implications: TikTok violated principles of transparency and proportionality in data collection. Users were unaware of the extent of data harvesting, and the platform failed to implement adequate safeguards for vulnerable populations, particularly children.

Social Implications: The case highlighted how younger generations were particularly vulnerable to exploitative data practices. It contributed to growing concerns about digital literacy and the need for enhanced protection of minors online.

Legal Implications: The UK fined TikTok £12.7 million in 2023 for GDPR violations. In the US, TikTok agreed to a $92 million settlement in 2021 for improper data collection from 89 million users. Multiple states have banned TikTok from government devices due to security concerns.

Professional Implications: The case demonstrated how traditional survey ethics frameworks were insufficient for algorithmic data collection. It established the need for new professional standards addressing artificial intelligence and machine learning applications in user research.

Case Study 3: Amazon Ring - Surveillance as a Service (2020-2023)

The Normalization of Neighborhood Surveillance

Amazon Ring’s doorbell camera system created a novel form of distributed data collection that blurred the boundaries between personal security and mass surveillance. Ring devices collected video and audio data not only from property owners but also from neighbors, delivery personnel, and passersby without their consent or knowledge (Electronic Frontier Foundation, 2023).

The ethical violations were multifaceted: Ring employees accessed customer videos for personal entertainment, the company shared footage with law enforcement without user consent, and weak security measures allowed hackers to access intimate family moments. A survey by The Zebra found that 87% of Americans were unaware of how Ring used their personal data, while 93% stated they would not purchase the device if they knew about data sharing practices.

Impact Analysis

Ethical Implications: Ring violated privacy expectations by expanding surveillance beyond property boundaries and failing to implement appropriate access controls. The company’s practices demonstrated a fundamental disregard for user dignity and autonomy.

Social Implications: Ring contributed to the normalization of pervasive surveillance, disproportionately impacting marginalized communities. Research documented how police used Ring footage to monitor Black Lives Matter protests and other political activities, creating chilling effects on freedom of expression.

Legal Implications: The FTC ordered Ring to pay $5.8 million in customer refunds and implement comprehensive privacy reforms. The company was required to delete all videos illegally accessed by employees and implement stricter data governance measures.

Professional Implications: The case highlighted how product designers must consider the broader social impact of data collection systems, not merely technical functionality. It established precedents for holding technology companies accountable for employee misconduct and third-party data access.

Comparative Analysis: Patterns of Abuse

All three cases share critical failure modes: consent theater that obscured true data practices, mission creep expanding beyond original purposes, vulnerable population exploitation, and regulatory lag requiring post-hoc enforcement.

Professional Standards Gap

Traditional research ethics frameworks from ACM and BCS prove insufficient for sophisticated digital data collection. Current codes lack specificity regarding algorithmic collection, cross-platform integration, data retention limits, third-party sharing, and vulnerable population protections.

Recommendations for Professional Practice

  1. Enhanced Consent Architectures—implement granular consent systems enabling specific data use control and dynamic permission modification
  2. Privacy Impact Assessment Mandates—require comprehensive assessments by interdisciplinary teams evaluating technical, social, and political implications
  3. Professional Liability Standards—establish clear accountability for privacy violations, similar to medical malpractice frameworks
  4. Algorithmic Auditing Requirements—mandate regular third-party audits with public transparency for community oversight

Conclusion

These cases reveal fundamental breakdowns in professional ethics when data collection capabilities outpace professional standards. The path forward requires computing professionals to embrace broader social accountability, proactively considering impacts on democratic processes, vulnerable populations, and human rights. Failure to establish robust ethical frameworks threatens both individual privacy and democratic society’s foundations.

References

← Back to RMPP Module