By Harper Neidig - 12/24/18 07:00 AM EST
A new round of Facebook data controversies has incensed lawmakers and added to the social network's mounting problems.The company endured a rough week in Washington, where lawmakers questioned if CEO Mark Zuckerberg had lied before Congress and ramped up calls for a comprehensive data privacy bill to rein in Silicon Valley.
“It appears that Facebook has not been honest with Congress or the public about how it treats its users’ data,” Rep. Frank Pallone Jr. (D-N.J.), who will chair the House Energy and Commerce Committee, said in an emailed statement to The Hill, highlighting the growing impatience with the company.
“Mark Zuckerberg testified that Facebook doesn’t sell users’ data. But the company does make deals to hand out consumers’ data for its own financial benefit, including by allowing companies to snoop, or even delete, users’ private messages,” Pallone continued, vowing further action.
“Based on these revelations, I’m concerned that Facebook may have provided the Committee with inaccurate, incomplete, or misleading responses to our questions, and we’ll be following-up,” he said.
Lawmakers have roundly criticized Facebook and its executives but it is unclear if they are any closer to bridging the divisions over a federal privacy law.
Facebook and other companies have long enjoyed little regulation in the U.S. when it comes to data collection and targeted advertisements. But that era may be coming to an end as Congress has largely endorsed the need for privacy legislation.
Meanwhile, lawmakers are growing restless with the Federal Trade Commission (FTC) as they wait to see if the agency takes action against Facebook.
The agency opened an investigation in March into the company’s handling of the Cambridge Analytica scandal to determine whether it had violated a 2012 consent agreement settling previous privacy charges. But the FTC has remained tight-lipped about the probe, prompting criticism and calls for swift action by Congress.
“Instead of acting to protect consumers after its original breach of consumer privacy, Facebook appears to have defiantly violated its consent order,” Sen. Richard Blumenthal (D-Conn.) wrote in a letter to the FTC this week. “While news of Facebook’s conduct continues to unfold, I am concerned that the FTC seems to be sitting on the sidelines, allowing Facebook and its handpicked auditing companies to vouch for the company.”
Facebook declined to comment to The Hill.
In blog posts this week, the company defended the data-sharing agreements as necessary for certain features and maintained that they were not in violation of the consent decree.
“These experiences were publicly discussed,” Ime Archibong, Facebook’s vice president of product partnerships, wrote. And they were clear to users and only available when people logged into these services with Facebook. However, they were experimental and have now been shut down for nearly three years.”
Under the FTC agreement in 2012, Facebook is prohibited from “making misrepresentations about the privacy or security of consumers' personal information.”
A New York Times story this week revealed data-sharing partnerships with other large tech firms that had not been previously disclosed. Those disclosures have many again questioning whether the company ran afoul of the settlement.
If the FTC finds that Facebook did violate the consent decree, the agency could theoretically fine the company trillions of dollars, though a smaller penalty would be more likely.
The agency could also demand revisions to the original settlement to further restrict Facebook’s data collection practices.For many observers, how the FTC handles Facebook will be a test of the agency’s approach to policing the lucrative practice of data gathering and its ability to oversee Silicon Valley.
William Kovacic, who chaired the agency during the George W. Bush administration, said that the Facebook settlement was meant to be the beginning of a new enforcement approach to a burgeoning internet sector and the mounting data scandals at the company since may require the FTC to reexamine it.“When you announce what you depict as a big policy development — with powerful commitments, with a powerful remedial scheme in place, strong monitoring — and it appears to fall apart, there’s a serious question about the effectiveness of your privacy program,” Kovacic told The Hill. “One reason why there’s a lot at stake here is that six years ago the commission said, ‘This is the flagship of a new national data protection program.’
“So if this is your new flagship, what happens when it seems to be listing badly, because it is sinking,” he added.
Privacy activists, though, say the FTC won’t be able to come up with a solution that will assuage their concerns about pervasive data collection on internet users. For one, there is only so much that the commission can do.
“There's a great deal of pressure by Congress to do something and the issue is that the agency is somewhat limited in their enforcement authority, particularly around the ability to extract a large fine,” said Ashkan Soltani, a former chief technologist for the FTC under the Obama administration.
Soltani added that the agency has limited resources and it’s congressionally-mandated scope is too narrow to act as a full-strength data protection authority.
Expanding the agency’s reach is among the proposals being pushed for a national comprehensive privacy law, which has gained bipartisan backing as states bypass the federal government to impose their own tough regulations.
But as lawmakers grow increasingly fed up with Facebook and the industry as a whole, they are pushing innovative and tougher ways to regulate Silicon Valley's data practices.
Sen. Ron Wyden (D-Ore.) revealed a bill earlier this year that would include prison time for executives who repeatedly violate user privacy. In an op-ed for NBC News this week, Wyden argued that the latest revelations about Facebook reinforce his belief that Congress can no longer trust internet giants to regulate themselves.
“Companies repeatedly lie to Congress and the American people about what they do with our information,” Wyden wrote. “It’s my view that CEOs who lie to the government about protecting your privacy shouldn’t get off with a slap-on-the-wrist fine: They should face serious financial penalties and even the possibility of prison time for lying to the government about protecting your data and, under my bill, they will.
“After watching the privacy spin cycle far too many times, it’s clear to me that corporate CEOs need some skin in the game to actually take Americans’ privacy seriously,” he added.