It appears that Facebook, the social media platform that has more than 2 billion monthly active users can’t catch a break from a series of questionable business decisions that have plagued its operations in the past few weeks. The current concern is local and stems from the internet giant’s locally available Express hotspots that serve about 20 Kenyan towns.
At 2015’s MWC gathering in Barcelona, Spain, Facebook communicated its intention to connect the unconnected people in the world with affordable internet. The announcement was made in partnership with chip-maker Qualcomm and Nokia. Named Internet.org, the project included multiple programs such as Express Wi-Fi for growing economies. Facebook would team up with local ISPs (SURF Kenya) to deploy the service and continues to expand its turf to more towns.
A piece by the Business Daily has revealed that the hotspots are being used the American social media company to collect extra information (customer names and their phone addresses) that it did not sign up for. The ill-fated platform has admitted gathering personal data for users who use the platform (even those who do not use Facebook or its associated apps such as Instagram and WhatsApp).
At the moment, Kenya’s ICT regulator the Communications Authority (CA) and other stakeholders have no solid licensing framework that defines the intricacies of data collection and transmission. What’s more, the CA says it was not informed of direct data collection, which is against shaky regulations that may be in its book.
The realistic way of looking at this breach is based on the operational model of Facebook Express Wi-Fi: access points are relatively affordable for it and its ISP partners. Secondly, users pay as little as KES 10 for 40 MB of data, which is a good deal in a country that is known for expensive data prices. In exchange for affordable access, which may be perceived as a steal, Facebook siphons personal data off your device for ‘improved customer experience for its partners and ensuring the hotspots are working well.’
Facebook declines to acknowledge the breach targets to delve into internet usage patterns of Kenyan consumers in a bid to have a fine grasp on those insights. Whether that is true or otherwise (your guess is as good as mine), it is still undeniable that such access was deliberately unannounced for a demographic that may not be unaware of the breach.
The sensitivity of the matter must be looked into before abuse slips out of control. It also illustrates a blatant disregard for a line in CA’s regulations book that ‘guarantees privacy and confidentiality of consumers and prohibit unauthorized use of apparatus, which is capable of recording, silently monitoring, or intruding into consumer’s communications.’ The concern also raises questions of whether similar products from international corporations such as Mawingu (in partnership with Microsoft) are adhering to privacy laws.
