Facebook CEO Mark Zuckerberg’s marathon Congressional sessions in front of both the House and Senate have produced countless talking points and incendiary sound bites.
The hearings aimed to tackle the issue of user privacy in the wake of an election scandal. But the discussion has ballooned into a red-and-blue debate of media bias, preferential treatment of news sources, censorship, and seemingly any hot-button topic on which you could slap a partisan angle.
Election-centric discussions are dominating the discourse, but the broader, more compelling national security interests are being obscured. Unfortunately, the circuitous questioning and lack of focus are preventing lawmakers from dialing in on the most pressing issues concerning data accountability, privacy, and consumer protections that could be enacted to protect personal information.
This doesn’t solely rest with Zuckerberg’s company. The private sector and Federal government could do more to acknowledge what’s at stake. End-users likewise need better understanding of their contributions to data creation, and how what they share could be corrupted or misused.
The case that prompted Zuckerberg’s appearance on the Hill saw an app developer use a seemingly innocuous personality quiz to harvest data from millions of users. That data was then used by a consulting firm, Cambridge Analytica, for social engineering with political motives.
That misuse of data obtained from Facebook has prompted talk of potential U.S. regulation of the social network’s vast stores of personal information. Many pundits seem to view the prevailing dialogue as a noose hanging over the company’s head, but it seems Zuckerberg doesn’t see it as a death sentence.
“I’m not the type of person who thinks that all regulation is bad,” Zuckerberg told the Senate on his first day of questioning. “I think the internet is becoming increasingly important in people’s lives and I think we need to have a full conversation about what is the right regulation, not whether it should be or shouldn’t be.”
Lawmakers discussed the European Union’s General Data Protection Regulation (GDPR) as a model for future U.S. legislation. GDPR aims to give consumers more control over their data; that is, to know what is being collected and choose how it’s shared. GDPR establishes legal ramifications for non-compliance if consumers request their data be deleted and companies do not oblige.
Zuckerberg said they’re not just applying that model to their dealings in Europe.
“I think everyone in the world deserves good privacy protection. We are committed to rolling out the controls…required in GDPR,” Zuckerberg said. “We are doing that around the world.”
“I think it’s worth discussing whether we should have something similar in the U.S., but I’d like to say today that we are going to go forward and implement that regardless of what the regulatory outcome is,” he added.
The second day of questioning saw lawmakers reiterate that imperative.
“We need comprehensive privacy and data security legislation,” said Rep. Frank Pallone (D-NJ), who has introduced legislation in the House regarding data security. “We need baseline protections that stretch from internet service providers to data brokers, to app developers, and to anyone else who makes a living off our data.”
Legislation like the GDPR aim to take the mysticism out of personal data by making companies create discrete packets of individual consumer data. The hope is that it will provide citizens better knowledge of where their information is going.
If legislation could wrap a neat little bow around what constitutes “all of my personal data” for each citizen, then digital society would likely be much safer. The reality is much more granular than that. In Facebook’s case, user data was misused by a company that got user permission, albeit surreptitiously. Users chose to share; they just clearly weren’t aware of all that they were sharing.
Government certainly needs to help citizens own their data. Facebook needs to help citizens know what data they are sharing, and not do so behind the veil of obscure privacy settings or terms of service. For each individual, though, digital literacy also needs to follow suit.