EU Lawmakers, Officials Challenge Facebook Over Cambridge Analytica as It Answers US Queries
Facebook, under fire in the U.S. and U.K. for its role in the Cambridge Analytica breach, is also facing heat from EU lawmakers. The European Parliament Civil Liberties (LIBE) Committee held a third hearing on the matter Monday, focused on possible solutions.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
In the U.S., the platform is answering questions from DOJ, the FBI and SEC about Cambridge Analytica, a Facebook spokesperson confirmed Tuesday. “We are cooperating with officials in the US, UK and beyond,” he emailed. “We’ve provided public testimony, answered questions, and pledged to continue our assistance.” DOJ, the FBI and the SEC join the FTC, the Senate Judiciary and Commerce committees and the House Commerce Committee in a wide-ranging probe (see 1807020038). DOJ and the SEC declined to comment Tuesday.
Comments from Richard Allan, vice president-policy solutions, on what his company is doing in the areas of data protection and election integrity were met with skepticism from some LIBE members. European commissioners said the solution lies partly in EU enforcement of the general data protection regulation and enactment of the e-privacy regulation, and U.S. enforcement of trans-Atlantic personal data transfer mechanism Privacy Shield including as it relates to this matter.
Facebook acted several years ago to limit access to data available to third parties' apps, Allan said. The company has since announced more measures to further limit the possibility of abuse, he said. It has a large group to help it transition to the GDPR, he said. The company is doing "intense work" around cybersecurity to ensure election integrity, he said. It's trying to make political advertising more transparent and has set up an academic research commission to focus on the impact of social media on elections, he said. Facebook is "often apologizing for mistakes" but that's because its services are genuinely innovative, which poses challenges, he said. The solutions to abuse of the platform will come only through partnerships, Allan said. It will "always be a work in progress" because people will always try to get around solutions, he said.
Lawmakers said Facebook seems to be serious about their concerns but several questioned how much the company is doing to address them. One asked why the platform is still sharing personal data with WhatsApp; Allan said it's not being shared for commercial purposes. Another criticized the company for expressing regrets about bad policies but not providing any plan for avoiding such policies.
The GDPR focuses on making companies more accountable and responsible in how they deal with personal data, but another important piece of the data protection puzzle -- relating to cookies and tracking users' online activities -- is currently under construction, said EC Vice-President for the Digital Single Market Andrus Ansip. Digital traces are being collected everywhere, often without user permission, which is why the e-privacy directive, which would extend rules on tracking practices and consumer control beyond traditional ISPs, is needed, he said.
The EC has pressured Facebook to fully comply with the investigations in the U.S. and EU and will continue those efforts until it gets to the bottom of the matter, said Justice, Consumers and Gender Equality Commissioner Vera Jourová. The EC is also working with consumer groups to look into Facebook and is awaiting the findings of enforcers such as the U.K. Information Commissioner's Office, she said. "Our investigation is ongoing but we plan to publish our findings in the near future," an ICO spokeswoman told us. The U.K. Parliament is investigating Facebook-Cambridge Analytica, and the Digital, Culture, Media and Sport Committee hopes to produce an interim report around the time of the summer recess, a committee spokeswoman said.
The EC has ordered platforms to engage with issues such as online disinformation by coming up with a code of conduct by this month, said Security Union Commissioner Julian King. The EC wants to help counter fake news and psychosocial profiling, and will hold a high-level meeting in November with governments and specialists, he said. "We need the support of platforms" to make progress, plus clearer rules on the sale of mined personal data involving elections, King said. The EC reserves the right to regulate if industry fails to police itself, he added.
Asked what guarantees Privacy Shield and the GDPR will prevent future Cambridge Analyticas, Ansip noted that Facebook says it's now complying with them: "But I have some doubts." A potentially broader issue is the use by thousands of companies of application programming interfaces, he said.
That there's a debate now "is somewhat absurd," said Max Schrems, whose legal challenge in the European Court of Justice led to the demise of the last Safe Harbor (see 1510060001). He complained about Facebook's "sending apps" in 2011 on the basis that it lacked user consent, he told LIBE members at a June 25 hearing. What the platform was doing then was a violation of the privacy law, and authorities looked the other way, he said.