Zuckerberg Makes a 180 on Privacy - Is It for Real?
The backlash against high-tech’s privacy-invading business model is growing—but one hard-hit Silicon Valley institution, Facebook, announced a potentially far-reaching reform late on Wednesday.
Over a 24-hour period, it appears that Facebook CEO Mark Zuckerberg went from endorsing, “in spirit,” soon-to-take-effect European Union privacy rules, to committing that Facebook will implement the EU rules across its global platform used by 2.2 billion people. The EU rules give people, not corporations, power over their personal data.
“We intend to make the same settings available everywhere, not only in Europe,” Zuckerberg said, PoliticoPro reported. “We need to figure out what makes sense in different markets with the different laws and different places… But let me repeat this, we’ll make all controls and settings the same everywhere, not just in Europe.”
Zuckerberg’s comments came hours after another company disclosure dominated Wednesday’s news: that 87 million people—50 percent more than previously known—“mostly in the U.S.,” may have had their Facebook profiling data “improperly shared” with a UK political consulting firm that was working for Sen. Ted Cruz, R-TX, in 2016's presidential primaries and then hired by Donald Trump.
That British firm, Cambridge Analytica, apparently stole those Facebook files in 2014 as part of a much-hyped plan to psychologically profile American voters. However, Trump’s campaign ended up not using its profiles because its media buyers worked directly with Facebook to access more current user profiles via its targeted advertising platform.
The Cambridge Analytica scandal has elevated online privacy issues in a manner not seen since Edward Snowden’s NSA whistleblowing. Lawmakers in the U.S. and UK have demanded Zuckerberg testify. Facebook’s stock has fallen, along with other tech stocks. Meanwhile, pressure has mounted on other online platforms to follow Europe’s lead to give people control over personal data.
Longtime media and democracy activists like Jeffrey Chester, executive director of the Center for Digital Democracy, expressed cautious optimism at Zuckerberg’s announcement.
“It took a global privacy 10.0 earthquake, in the form of the Cambridge Analytica scandal, to move Facebook to this potentially historic change in how it operates its business,” he said. “Americans have no real privacy rights today when they go online. Facebook, Google and their business allies have blocked any legislation that would protect consumers online. But starting next month, Europeans will benefit from the most far-reaching data privacy law ever enacted. It will give regulators, advocates and citizens the power to rein in the data giants like Facebook.”
The European privacy rules were years in the making. They were pushed by civil society groups, scholars, digital rights advocates and dedicated European Parliament members, such as Jan Philipp Albrecht, a member of Germany’s Green Party. In recent weeks, international coalitions like the Trans Atlantic Consumer Dialogue have been asking aloud if Americans would benefit from the new EU privacy rules set to take effect in May.
“Zuckerberg knows his only hope to stem the bleeding that threatens his company’s financial future is to adopt—not fight against—these new EU rules,” Chester said. “This is potentially a historic game changer for people all over the world. If Facebook truly agrees to pass on to global users all the new ways people will be able to have more control over there data, as well as benefiting from better business practices, Google and others will have to fall in line.”
Domestic Calls for Tech to Adopt “Security Pledge”
Zuckerberg knew privacy and consumer advocates working together on both sides of the Atlantic intended to push Facebook—and other top platforms—until they globally compiled with the EU rules, Chester said.
On Monday, a coalition of prominent American privacy, civil liberties and human rights groups announced a campaign calling on the tech sector to aggressively protect user data. They want the biggest firms to sign a “security pledge” to prevent the Internet from being turned into “a weapon against the public.”
“Corporate and government attacks on human rights to privacy, security, and liberty are increasing across the globe, and technology plays a central role in extending their reach,” their problem statement said. “Technology can empower and grant freedoms to us all, but now our online data is empowering data brokers, ISPs, surveillance companies, and runaway government agencies to discriminate, exploit, and limit our freedoms.”
“If a company wanted to exploit, or an authoritarian government wanted to surveil everyone affiliated with a certain racial, religious, or political group, they could do so with the information collected on innocent people by technology and social media companies,” it continued. “Companies and governments can exploit the massive troves of data companies have on people and weak links in internet security. They can twist the internet into something it was never meant to be: a weapon against the public.”
“Tech companies need to change,” said the headline on SecurityPledge.com, backed by 18 Million Rising, the American Civil Liberties Union, Demand Progress, Coworker, Color of Change, Fight for the Future, Free Press, Government Accountability Project, Presente, and Sum of Us. These groups, collectively, have millions of grassroots members.
"The pledge outlines a detailed set of technological and policy commitments that tech companies must make in order to 'ensure the Internet is used to expand democracy, not undermine it,’" their release said. “The organizations behind the campaign will encourage users to flock to services that have taken these steps and avoid those that haven’t until they do.”
The pledge, summarized, calls for technology companies to:
- Limit the amount of data they collect in the first place, and give users control over how it is shared.
- Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance.
- Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
- Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.
“This is a watershed moment for the internet,” Evan Greer, deputy director of Fight for the Future, said in their release. “Millions of people now understand how their data can be weaponized and used against them, and they are demanding change… If the largest tech companies take the steps outlined in the security pledge, it will change the course of human history for the better, and protect billions of people’s basic rights.”
“It’s time that companies take steps to ensure that using their products doesn’t mean that users have to sacrifice their rights,” Neema Singh Guliani, ACLU legislative counsel, said. “The way companies treat data can affect whether you are wrongly excluded from job or housing ads because of your gender, targeted for dubious financial products, or have your security compromised. Many companies have for too long ignored their obligation to treat data responsibly, prevent information from being used to discriminate, and provide users’ full control over how it is handled.”
The targeted companies are Google (7 products, 1 billion users), Facebook (2.2 billion users), Microsoft (1.5 billion Windows users), Apple (1.3 billion iPhone, iPad and Mac users), WhatsApp (980 million users), Instagram (800 million users), Tumblr (794 million users), Amazon (310 million users), Skype (300 million users), LinkedIn (260 million users), Snapchat (250 million users), Reddit (250 million users), Pinterest (200 million users), eBay (170 million users), Comcast (24 million broadband subscribers), Charter (22 million broadband subscribers), AT&T (16 million broadband subscribers), Verizon (7 million broadband subscribers) and CenturyLink (6 million broadband subscribers).
Do Americans Really Value Privacy?
Facebook was not the only platform used by domestic and foreign actors to spread propaganda in 2016’s presidential election. But it has come under more scrutiny than YouTube, owned by Google, and Twitter. And Facebook has taken more visible steps to prevent this history from repeating itself.
For example, it has more prominently displayed user privacy settings, limited access to the personal data it collects and will share, and has taken down more Russia-created pages aimed at roiling U.S. politics.
However, what Facebook and other Silicon Valley titans have not been doing is replacing an industry surveillance-based business model that profiles individuals for advertisers, whether commercial or political.
As Brad Parscale, digital director of Trump’s 2016 campaign, tweeted about the president’s feelings about Facebook compared to Amazon, “Do not forget to mention that
@amazon has probably 10x the data on every American that @facebook does. All that data and own a political newspaper, The @washingtonpost. Hmm...”
Whether other American high-tech companies will adopt the EU data privacy rules is an open question.
As Newsweek’s Nina Burleigh wrote in a piece this week about the EU privacy rules, Americans see this question differently than Europeans do.
“American consumers seem to value convenience over privacy and there has been little political will to interfere with Big Data’s role in commerce,” she noted. A recent Reuters/Ipsos poll—conducted after the recent revelations about misuse of personal data from 50 million [now 87 million] Facebook users—also found the vast majority of Americans have not take individual steps to protect their information.”
The authors of the Security Pledge campaign are hoping that will change as Americans better understand the stakes.
“The internet can be made a tool for transformational change for the better, but it can also be used for the extraction of sensitive private information and manipulation towards the benefit of large corporations or for social control by governments,” David Segal, executive director of Demand Progress, said in the release announcing the Security Pledge. “The major online platforms are facing a reckoning: How they respond in this moment will help determine whether the utopian vision that inspired so many internet pioneers and users stands a chance of becoming a reality, or whether companies will ignore the public interest turn the internet against its users towards the end of private benefit.”