Using React-Awesome-Query-Builder for Marketing Campaigns; Policy Response Analysis of the Facebook – Cambridge Analytica Scandal: Comparing the GDPR, CCPA, and APPI

Ainley, Benjamin, School of Engineering and Applied Science, University of Virginia
Wayland, Kent, Engineering and Society, University of Virginia
Morrison, Briana, EN-Comp Science Dept, University of Virginia

Advances in data collection technology chains have enabled companies to collect, track, and analyze information, patterns, and habits about a user. Data collection is important for companies, making it easier to understand what customers want and how they interact with the company. By knowing about your customers, a company can tweak the business to better fit its needs. This can be for several reasons such as personalizing user experience, improving marketing strategy, or possibly selling customer data. However, customers may not even know what kind of data is being collected, or feel they have no say in what kind of data large tech companies are collecting. Because of this lack of control, some customers may feel that their privacy is being violated and lose trust in companies. As a result, countries worldwide have developed and continue to update comprehensive data privacy laws, and each country may approach how personal information is handled differently. Furthermore, a specific country’s data privacy laws may also affect how companies from other countries conduct themselves, since business is done internationally.
This summer, I worked as an intern for Capital One in their marketing line of business. An important task carried out by marketers is the creation of rulesets used to filter groups of customers to be targeted for marketing campaigns. These rulesets outline desired specifications of customers to be advertised to. The process of building these rulesets and filtering data can be tedious work since there is not currently an app with a streamlined user interface at the company. To address this problem, my team worked on the development of a rule building application. The application frontend was developed using ReactJS along with the React-Awesome-Query-Builder library to create or modify rulesets. These rulesets were stored in Amazon S3, an object storage service. AWS Lambda, a serverless, event-driven computing service, was used as a communicator between the frontend and backend. The application allows marketers to create, edit, update, delete, and search for campaign rulesets, along with run rulesets against customer records. However, it is still being worked on and is not yet ready for production. There are a few different directions the application could head, and it still needs additional features before it is ready for production, such as a more advanced search and an improved user privileges system. This project has potential to make an impact on the marketing line of business at Capital One by streamlining the process of building marketing campaign rulesets, reducing the amount of query language knowledge needed.
With the Facebook – Cambridge Analytica scandal heightening awareness of personal data privacy and protection, countries worldwide have developed and continue to update comprehensive data privacy laws. Each country may approach how personal information is handled differently, possibly because of the cultural values of that country. This paper seeks to compare different data privacy policies around the globe, specifically California’s Consumer Privacy Act (CCPA), the European Union’s General Data Protection Regulation (GDPR), and Japan’s Act on the Protection of Personal Information (APPI). The EU has treated data privacy as a human right and has the strictest set of laws regarding data protection and privacy. Many countries such as Japan and the US look to comply with these standards, especially when doing business with the EU, as it has set a “global standard.” Japan’s laws comply with the GDPR in order to business, but have aspects that are different and resemble more of a collectivist culture. This can be seen as government organizations are excluded from the APPI. The US’s laws are more business oriented with less regards to data privacy and protection as a natural right. The fact that the CCPA only applies to businesses that are for profit and meet certain revenue or data processing thresholds exemplifies this. These differences are important for organizations to understand when developing their privacy compliance programs. In addition, by looking at different models, other countries can better develop their own comprehensive data privacy laws that suit their country’s culture.

BS (Bachelor of Science)
Facebook, Cambridge Analytica, CCPA, GDPR, APPI

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Briana Morrison
STS Advisor: Kent Wayland
Technical Team Members: Akhil Chinnakotla, Shafali Gupta, Bruce Nguyen

Issued Date: