A large part of the issue with the Cambridge Analytica scandal was that the Facebook data obtained by the company didn’t just come from those who clicked through to the survey, but also their Facebook friends. That, says a WSJ report, is a growing issue.

The Cambridge Analytica scandal—where 270,000 people who downloaded an app led to a data breach for 87 million Facebook users—is the first large-scale example of the importance of maintaining “group privacy,” says Yves-Alexandre de Montjoye, head of the computational privacy group at Imperial College London.

In a hypothetical example, Prof. de Montjoye’s group reported that if just 1% of cellphones in London were compromised with malware, an attacker would be able to continuously track the location of more than half the city’s population …

Paradoxically, it suggests, the best way to protect the privacy of personal data may be to have all of it retained centrally, in encrypted form, with companies only being granted indirect access.

The Max Planck Institute’s Dr. Francis co-founded a company, Aircloak, to develop software to protect data. Diffix, as it’s called, sits between a database and its owners, allowing them to make specific queries but never revealing the whole database. It should allow firms like banks to protect user data internally, in a way that makes them compliant with sweeping new privacy rules under Europe’s General Data Protection Regulation, according to Dr. Francis and Sebastian Probst Eide, Aircloak’s chief technical officer […]

The idea of a centralized repository (a.k.a. personal-data store), which marketers would have to seek permission to access, has been proposed before. But these projects—which depend on some companies having our data, and others not—haven’t taken off, since gathering and using our data is both legal and lucrative […]

With GDPR, Europe has an opening for such a service, and if any of the privacy regulations proposed in the U.S. gain traction, conditions could ripen here as well.

This could be an opening for Apple, Amazon or some new entrant to become a personal-data custodian.

The theory is that one highly-protected database could be safer than having our personal data scattered throughout thousands of different databases.

The question is who could be trusted to be the central repository for personal data? The piece suggests that governments, Google, Amazon and Apple could all be candidates.

What’s your view? Do you think the ‘shared privacy’ theory is viable? And if so, who would you most trust with your data? Please take our poll and share your thoughts in the comments.

Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear