Data deception needs a strong response

The scandal unfolding around Pere Sihtkapital SA and the Isamaa political party, centred on the mass and unlawful acquisition of personal data of various kinds, leaves the question unanswered – for whom and in what way can the misuse of data in this form, in the light of the oreol of science, be of any real benefit?


Mass data collection under the guise of science with a political slant has ended badly before. An example is the 2018 Cambirdge Analytica case,1 which also involved the fishing of data on millions of Americans in what was originally presented as a scientific study.

What happened next is well known to all – accusations of influencing the 2016 US presidential election,2 Russian manipulation5 of public opinion and populist Donald Trump’s victory over Hillary Clinton.

The way in which the data was collected and later converted into votes was, simply put, as follows – the initial data was also collected in in-depth questionnaires (120 questions), then an app was attached to the Facebook accounts of the questionnaire respondents to retrieve all the data.

An important nuance is that the data of all the person’s friends was also retrieved, so that in total the detailed data of 87 million people was retrieved, which allowed for skilful and personalised manipulation of the electorate. It should be stressed once again that this action was also launched under the cover of science.

A new way to manipulate democracy

It later emerged that the data obtained was used in Donald Trump’s presidential campaign in the form of psychographic profiling, which allowed for more precise targeting of political messages and increased the likelihood of the desired outcome. The consequences of this scandal were shocking, particularly for Americans, but also gave new meaning to the possibilities of manipulating democracy.

By the way, the latest news from the Cambridge Analytica scandal front came relatively recently, at the end of 2022, when Facebook agreed to pay $725 million in settlements to the victims of the misuse of personal data.3

This, by the way, was preceded in 2019 by a US Federal Trade Commission fine of nearly $5 billion (sic!) for disclosing personal data to third parties,4 the largest in history for misuse of personal data. However, to get an idea of the scale, it is worth noting that Facebook’s turnover in the first quarter of the year in question was $15 billion,4 so the impact of the penalty has been compared to a parking fine.

Data collected illegitimately under the name of the University of Tartu can also be used in combination with survey responses to create psychographic profiles of the data subjects (i.e. people), which opens the way for easy manipulation of public opinion and thus also for targeting election results.

Let us consider that one of the results of the study ordered is a situation today in which a politically funded think-tank has at its disposal considerable information on all aspects of the lives of both childless women and women with children, which can be used for any manipulation it wishes, should the opportunity arise.

This sounds like the dream of any authoritarian state or politician, where a dirty game can be played under an outwardly democratic façade without violence, while giving the impression of science to those involved. The Cambridge Analytica story was also presented as innocent research, and the consequences of the latter the world still does not fully understand.

The Estonian state’s response cannot resemble a parking fine

The Estonian state’s reaction to the misuse of data must not be too lenient and must be proportionate to the seriousness of the infringement. Otherwise, the long-term consequences of the situation will be severe. This is a precedent; if we fail to react, we will make data hacking legal and attempts to illegally obtain data will become the new public norm.

It’s not an “oops, I didnt mean to do that” situation, and crisis communication along the lines of “but no one was hurt and no damage was caused to property,6 yet how was I supposed to know7 that the law forbids it” shows that the seriousness of the situation is not understood.

Not knowing the law does not exempt one from complying with it. Furthermore, the act has damaged the reputation of Estonian universities, as well as the Estonian scientific landscape – it would be interesting to know what the Estonian Ministry of Education and Research, as well as the Estonian Ministry of the Interior, which is in charge of the Population Register, thinks of this lack of responsibility.

After all, it is the Ministry’s job to safeguard the data and to be responsible for the well-being and security it provides. Unfortunately, some political parties will have to be explained at this point – yes, even if these data subjects are childless. It is a sad state of affairs because, unfortunately, once digital information has been given, it cannot be permanently erased without leaving a digital footprint, and to date, despite the suspended survey, the data of 1 000 women is somewhere on a hard or network disk.7

The depth of the problem is illustrated by the fact that, without law enforcement involvement, there is no way to control where this data goes. Yet we need to know – what happens to data that should never have been collected in the first place? And whether or not the state is putting itself in place to protect its citizens’ data? If we fail to do so, then there is no point talking about the more serious aspects of the civil defence.

× The op-ed (by Anne-May Nagel, co-founder of the Crisis Research Centre, Junior Researcher at Taltech) was first published on August 13, on Delfi web portal. Photo: woman in data stream (Pexels, 2019).


1 Hern, A. 2018. Cambridge Analytica: how did it turn clicks into votes? The Guardian, 06.05.2018 (accessed 12.08.2023).
2 Lewis, P. & Hilder, P. 2018. Leaked: Cambridge Analytica’s blueprint for Trump victory. The Guardian, 23.02.2018 (accessed 12.08.2023).
3 Raymond, N. 2022. Facebook parent Meta to settle Cambridge Analytica scandal case for $725 million. Reuters, 23.12.2022 (accessed 12.08.2023).
4 Carrie, J. 2019. Facebook to be fined $5bn for Cambridge Analytica privacy violations – reports. The Guardian, 12.07.2019 (accessed 12.08.2023).
Hakim, D. & Rosenberg, M. 2018. Data Firm Tied to Trump Campaign Talked Business With Russians. The New York Times, 17.03.2018 (accessed 12.08.2023).
6 Ruus, R. 2023. Tartu Ülikooli dekaan tõdeb õigusvastast käitumist, ent oma ametikohta veel kaotada ei karda: keegi ei saanud rahalist kahju (The Dean of the University of Tartu admits wrongdoing, but is not yet afraid of losing his post: no one has suffered financial loss)Delfi, 12.08.2023 (accessed 12.08.2023).
Pärli, M. 2023. Pere Sihtkapital chief: We accept mistake and are working towards solutionERR, 12.08.2023 (accessed 12.08.2023).

Jaga postitust: