I confess the lawyer in me wonders why Mark Zuckerberg would rush to testify before Congress this week. His testimony about the serious privacy breaches on the Facebook platform — now reaching up to 87 milllion Facebook users, including 71 million Americans — needed to include a real call to action for Congress, but it reeked of an apology with no concrete plan of action to protect the data of tens of millions of users.
The harvesting of consumers’ data from Facebook is just the latest example of what happens when we live in a culture that treats consumer privacy as a commodity. Whether you view this as Facebook was lax in enforcing its own rules or whether you believe Facebook was negligent in allowing third parties access to Facebook users’ data, the end result is the same. Unsuspecting users are “sharing” their private information with third-party bad actors who manipulate the information to impact elections, rip-off consumers, and place private data on the dark Web, using tools created by a utopian Facebook.
At this point, it should be obvious that self-regulation — in an era where data is oil — is useless. This was not an unknown problem and there was a distinct delay in its disclosure and ultimately, it is not clear what, if anything, can be done at this juncture to restore the privacy expectations of millions of Americans. Consumers deserve to have the benefit of one set of privacy protections on the internet, everything from e-health to e-commerce, and those protections should be transparent and uniform across all internet platforms.
Mr. Zuckerberg’s testimony is important, and some may even describe it as historic. But its true significance is yet to be seen. It will be significant only if Congress, in the face of clear evidence of serious privacy violations, acts to prevent future wholesale violations of the privacy of the American public.
Here is what that action would look like: a bill that sets one standard of consumer privacy that applies to all companies in the internet ecosystem and that applies no matter how consumers access the internet. This is the only way consumers can have one set of expectations for how their privacy should be protected and be willing to trust internet companies with their personal data. (As the Washington Post reported, “research has consistently shown that users of online platforms rarely adjust default privacy settings and often fail to understand what information they are sharing.”) Having one consistent privacy standard would solve that problem and empower consumers. And the new law should make explicit the Federal Trade Commission’s jurisdiction in this area over every company that does business via the internet. (The FTC has already opened an investigation into the revelations over Facebook’s relationship with the data firm Cambridge Analytica, but it is important to clarify their jurisdiction in a new law.)
Too often in Washington, testimony like Mark Zuckerberg’s is simply the spectacle of the week; the next spectacle occurs and we become numb to the last one. Rarely do we see real follow-up or action. Now that the lights have faded and the C-SPAN cameras have been packed away, new events will crop up and the evidence that was brought to Congress’ attention could just gather dust. This might serve the political interests of some members of Congress, but it does not serve consumers.
Mr. Zuckerberg’s testimony is a call for Congressional action. We cannot afford to wait for the next episode of hacking or harvesting to recognize that we need a comprehensive bill that puts strong, equal privacy protections in law and reaffirms the core principles of an open internet. Rules that apply equally to all companies in the internet ecosystem.
Reproduced with permission from Telecommunications Law Resource Center, 2018 TERCN 17 (4/13/18), 04/13/2018. Copyright  2018 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com