When Facebook told us in 2015 that GSR had broken their terms of service, we deleted the raw data from our file server and began the process of searching for and removing its derivatives in our system, in coordination with Facebook. No traces exist of it in our work.
Subsequently, we took legal action against GSR for breach of contract.
We cooperated with Facebook to ensure they were satisfied that we had not knowingly breached any of their terms of service. When Facebook sought further assurances in 2017, we carried out an internal audit to make sure that all the data, all its derivatives, and all backups had been deleted.
Because of recent inaccurate news reporting, we will be undertaking an independent audit by a leading data forensics firm to demonstrate that we do not hold any GSR data.
We have been working with the UK’s Information Commissioner’s Office (ICO) since February 2017, when we hosted its team in our London office to provide total transparency on the data we hold, how we process it, and the legal basis for us processing it. We offered to share all communications and documents we hold relating to GSR with the ICO, and to help them search our systems for GSR data.
The ICO said in May 2017 that it would “open a formal investigation into the use of data analytics for political purposes”, and engage “with a range of organizations – political parties and campaigns, data companies and social media platforms”.
The ICO’s remit is compliance with existing laws, identifying any limitations in existing legislation, and generally raising public awareness and confidence: these are all goals which data privacy Cambridge Analytica supports.