Facebook founder and CEO Mark Zuckerberg on Tuesday apologized for the improper collection of up to 87 million Facebook users’ data in his first-ever testimony in front of Congress. While the testimony provided some answers, it also revealed more troubling questions.
In front of 44 senators from the Democratic and Republican parties, Zuckerberg started the hearing by acknowledging that he and Facebook “didn’t take a broad enough view of our responsibility, and that was a big mistake.”
Zuckerberg and Facebook have been reeling for a month since reports that British political data firm Cambridge Analytica improperly collected Facebook user data and used it to influence politics, such as Donald Trump’s 2016 presidential campaign. The data firm received the personal data from Cambridge University researcher Aleksandr Kogan, which violated Facebook policies.
Among the revelations Tuesday, Zuckerberg indicated that the breach likely goes beyond the 87 million users affected by the Cambridge Analytica acquisition. Sen. Tammy Baldwin, D-Wisconsin asked if Kogan provided data to any other firms.
“He sold it to other firms. There was one called ‘Eunoia’ and a couple of others as well,” Zuckerberg said, offering to provide her with those company names after the hearing.
Zuckerberg also dodged some pointed questions, drawing criticism from Sen. Kamala Harris, D-California.
“During the course of this hearing, you’ve been asked several critical questions for which you don’t have answers,” Harris said. “Those questions have included: whether Facebook can track activity after a user logs off of Facebook, whether Facebook can track you across devices even when you aren’t logged into Facebook. Who is Facebook’s biggest competition, whether Facebook may store up to 96 categories of users information.”
Zuckerberg also skirted questions about significant regulations that would mandate companies such as Facebook to get express consent from users to collect, use and share their personal information. Regarding new data privacy regulation in Europe — called General Data Protection Regulation (GDPR) — Zuckerberg said he agreed with GDPR “in principle but the details matter” and need to be considered before similar regulation is imposed in the United States.
Facebook plans to comply with the GDPR, which takes effect in 28 European countries next month. But in a conference call with reporters, Zuckerberg failed to clarify if he plans to extend Facebook’s GDPR compliance to the United States and the rest of the world.
That regulation would allow, in part, an opt-in and opt-out consent model for users of data-collecting entities such as Facebook. It runs contrary to the social media giant’s core business model, argued a cybersecurity professor at San Jose State University.
“If we see something similar to GDPR, this will cripple Facebook,” said Banafa. “They live by the data. This is their fuel.”
Abhishek Nagaraj, an assistant professor at UC Berkeley’s Haas School of Business, said the United States should considered a less severe model of GDPR as to not hurt the advertising industry as well.
“Research has shown the European internet, especially in advertising, is less effective,” said Nagaraj. “The right solution for us will be something less stringent than GDPR, but I agree that the Europeans are providing a model.”
Congress is currently pursuing various regulations to better protect online data privacy. Last week, Facebook came out in support of the Honest Ads Act, a bill seeking to increase disclosure requirements for online political ads. Two Democratic Senators proposed another bill on Tuesday called the CONSENT Act, which requires explicit opt-in consent from users to use, sell or share any personal information.
During the four-plus-hour long hearing, Zuckerberg spelled out Facebook’s data practices with advertisers, saying Facebook does not sell user data.
“What we allow is advertisers to tell us who they want to reach (on Facebook) and we do it for them,” said Zuckerberg. “That data never changes hands or goes to the advertiser.”
During the questioning, Zuckerberg also outlined how Facebook is pivoting to becoming a more proactive enforcer against hate speech, election interference and other data abuses on its platform.
“We are going through a broader philosophical shift in how we go through as a company,” said Zuckerberg. “What we’ve learned now… is that we need to take a more proactive role and broader responsibility. We need to take a more active view in policing the ecosystem.”