Column: Zuckerberg says internet regulation ‘inevitable,’ but he’ll still put up a fight
After two days of testimony on Capitol Hill, Facebook’s Mark Zuckerberg wants you to know: He’s sorry — really, really sorry — about that Cambridge Analytica thing, and he’s open to some degree of internet regulation.
Is he truly sorry? If contrition is measured in a willingness to put on a suit and use a little hair product, then, yeah, he’s sorry.
Is he actually open to lawmakers clamping down on his business?
What, are you kidding?
For all his well-coached humility, Zuckerberg committed to nothing when it came to regulation.
While acknowledging Wednesday before the House Energy and Commerce Committee that it’s “inevitable that there will need to be some regulation” of his industry, he quickly added that lawmakers “have to be careful about what regulations you put in place.”
He reiterated what he said in the Senate a day earlier, that Facebook has “a responsibility to not just give people tools, but to make sure those tools are used for good,” which sounded like what Lex Luthor might say when asked to explain his interest in Kryptonite.
In fact, a road map to effective privacy protection was already on the table before Zuckerberg even opened his mouth.
On Monday, a coalition of U.S. and European consumer and privacy groups called for Facebook to embrace privacy standards that actually mean something.
The Transatlantic Consumer Dialogue said in a letter to Zuckerberg that Facebook should adopt as a worldwide standard the privacy rules that will take effect next month throughout Europe — rules that truly empower consumers and hold digital businesses accountable for their data practices.
Otherwise, the company, along with other U.S. tech companies, will be legally obligated to treat Europeans’ personal information with respect while continuing to ride roughshod over Americans’ privacy.
“There is simply no reason for your company to provide less than the best legal standards currently available to protect the privacy of Facebook users,” the letter says.
The European rules provide “a solid foundation for data protection, establishing clear responsibilities for companies that collect personal data and clear rights for users whose data is gathered,” it says. “These are protections that all users should be entitled to no matter where they are located.”
I spoke with Jeffrey Chester, executive director of the Center for Digital Democracy and coauthor of the letter. He noted that as long as any discussion of internet regulation is couched in ambiguous terms, Zuckerberg will say he’s flexible.
Put something concrete before him, and there’ll be pushback.
“You haven’t heard Facebook say it supports privacy legislation in the United States, and you won’t hear it,” Chester told me. “Zuckerberg doesn’t understand that there’s a fundamental privacy problem with his company. He hasn’t committed to the idea that privacy is a fundamental right.”
That’s the foundation of the European law. It’s called the General Data Protection Regulation, and it’s the product of years of tinkering and negotiations.
When it takes effect in coming weeks, it will represent the most sweeping and comprehensive consumer privacy safeguards anywhere. Among the more noteworthy protections:
- Companies must obtain consent from customers before using or sharing their personal information, and this approval must be sought in clear, easily understood language.
- Companies must make it similarly easy for a customer to withdraw consent, if desired.
- Consumers have a right to know how their personal data is being used and to receive a free copy of any such information held by a business.
- Customers must be notified of any security breach within 72 hours.
And here’s where the General Data Protection Regulation bares its fangs: Any violation of the law can result in a fine of up to 20 million euros ($24 million) or 4% of the company’s annual global revenue, whichever is greater.
In Facebook’s case, 4% of the company’s 2017 revenue of nearly $41 billion is $1.6 billion.
That’s the kind of fine that gets a company’s attention — and prompts actions to prevent another such penalty from being levied in the future, actions a bit more substantial than putting on a nice suit and telling people you feel their pain.
During his hours of give-and-take with lawmakers, who for the most part were alarmingly ignorant about the digital world, Zuckerberg was careful not to agree to anything that would undermine Facebook’s primary source of revenue, which is taking user data and making lots of money from it.
He was asked if he thought Europe’s privacy rules were appropriate. “I think they get things right,” he replied vaguely.
In a conference call with reporters last week, Zuckerberg said that “overall I think regulations like this are very positive.” He said Facebook intends “to make all the same controls available everywhere, not just in Europe.”
What does that mean? Was Zuckerberg saying the rules his company will follow in Europe will be followed elsewhere? Or was he just saying the company will fiddle yet again with how it presents privacy options to users?
A Facebook spokesman declined to comment.
Emily Rusch, executive director of the California Public Interest Research Group, told me it’s unlikely Facebook would voluntarily impose strict privacy standards on itself. “They have fought hard against similar rules for too long,” she said.
Will lawmakers act?
Jessica Levinson, a law professor at Loyola Marymount University, said American policymakers “tend to have more reticence to impose government controls and regulations on businesses than our European counterparts.”
That has to change. Tech leaders won’t go any farther than necessary to mollify public opinion and keep potential regulation at bay.
Forcing Zuckerberg to put on decent clothes and comb his hair might feel like we just manhandled one of the world’s richest men.
But check his Facebook status. It very likely says “laughing, all the way to bank.”