April 16, 2018
I confess the lawyer in me wonders why Mark Zuckerberg would rush to testify before Congress this week. His testimony about the serious privacy breaches on the Facebook platform — now reaching up to 87 milllion Facebook users, including 71 million Americans — needed to include a real call to action for Congress, but it reeked of an apology with no concrete plan of action to protect the data of tens of millions of users.
The harvesting of consumers’ data from Facebook is just the latest example of what happens when we live in a culture that treats consumer privacy as a commodity. Whether you view this as Facebook was lax in enforcing its own rules or whether you believe Facebook was negligent in allowing third parties access to Facebook users’ data, the end result is the same. Unsuspecting users are “sharing” their private information with third-party bad actors who manipulate the information to impact elections, rip-off consumers, and place private data on the dark Web, using tools created by a utopian Facebook.
With rare exceptions, consumers have no clue about what is being done with their information on social media platforms. There is no transparency and absolutely no “open” internet privacy policy for every entity in the internet ecosystem. Reasonable consumers should not be expected to review lengthy — and I do mean lengthy — fine and tiny print to try to ascertain what rules, if any, will apply to their online data. Ordinary users are hard-pressed to figure out how to even set their privacy levels in a meaningful way. There were no real checks to be sure that violations that were discovered, with Cambridge Analytica, for example, were remedied, including by ensuring that all data that had been wrongly taken was returned to Facebook or even destroyed as Facebook “demanded.” The real test that Facebook failed is their totally unexplained delay in informing the public that their data was harvested … and herein lies the most compelling rational for regulation.
At this point, it should be obvious that self-regulation — in an era where data is oil — is useless. This was not an unknown problem and there was a distinct delay in its disclosure and ultimately, it is not clear what, if anything, can be done at this juncture to restore the privacy expectations of millions of Americans. Consumers deserve to have the benefit of one set of privacy protections on the internet, everything from e-health to e-commerce, and those protections should be transparent and uniform across all internet platforms.
Mr. Zuckerberg’s testimony is important, and some may even describe it as historic. But its true significance is yet to be seen. It will be significant only if Congress, in the face of clear evidence of serious privacy violations, acts to prevent future wholesale violations of the privacy of the American public.
Here is what that action would look like: a bill that sets one standard of consumer privacy that applies to all companies in the internet ecosystem and that applies no matter how consumers access the internet. This is the only way consumers can have one set of expectations for how their privacy should be protected and be willing to trust internet companies with their personal data. (As the Washington Post reported, “research has consistently shown that users of online platforms rarely adjust default privacy settings and often fail to understand what information they are sharing.”) Having one consistent privacy standard would solve that problem and empower consumers. And the new law should make explicit the Federal Trade Commission’s jurisdiction in this area over every company that does business via the internet. (The FTC has already opened an investigation into the revelations over Facebook’s relationship with the data firm Cambridge Analytica, but it is important to clarify their jurisdiction in a new law.)
Too often in Washington, testimony like Mark Zuckerberg’s is simply the spectacle of the week; the next spectacle occurs and we become numb to the last one. Rarely do we see real follow-up or action. Now that the lights have faded and the C-SPAN cameras have been packed away, new events will crop up and the evidence that was brought to Congress’ attention could just gather dust. This might serve the political interests of some members of Congress, but it does not serve consumers.
Mr. Zuckerberg’s testimony is a call for Congressional action. We cannot afford to wait for the next episode of hacking or harvesting to recognize that we need a comprehensive bill that puts strong, equal privacy protections in law and reaffirms the core principles of an open internet. Rules that apply equally to all companies in the internet ecosystem.
Even Facebook.
Reproduced with permission from Telecommunications Law Resource Center, 2018 TERCN 17 (4/13/18), 04/13/2018. Copyright [1] 2018 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com
Originally published at Bloomberg BNA