Facebook Critics Dubious Of New Privacy Policies
By Harper Neidig, THE HILL
April 22, 2018
Facebook’s response to a massive data scandal is doing little to appease privacy advocates.
It’s been a month since the news broke that Cambridge Analytica, a political consulting firm that did work for the Trump campaign, had obtained data on millions of Facebook users without their knowledge.
The revelation spurred investigations from regulators in the U.S. and Europe and drove Facebook CEO Mark Zuckerberg to testify before Congress for the first time. And in the face of the scrutiny from governments and consumers around the world, Facebook has mounted an apology tour, pledging to re-evaluate its responsibility to its users.
As part of that effort, and as the company readies itself for a sweeping European Union (EU) privacy law, Facebook has announced a series of changes to its platform that it says will better protect user data and provide more transparency.
Privacy advocates, many of whom have been criticizing Silicon Valley’s data collection practices for years, are skeptical that the changes will have any real effect.
“It doesn't look to me like they're sincere about that at all,” said John Simpson of Consumer Watchdog. “I'm not particularly impressed yet about their so-called commitment to privacy.”
Facebook said that it would restrict third-party apps’ data collection and announced that it would be severing ties with data brokers, which have helped advertisers link Facebook data with consumer information from other sources.
Some watchdogs see the moves as promising first steps, but insist they fall short of alleviating their concerns about the way Facebook operates.
Some of the reforms appear to be in preparation for the EU’s General Data Protection Regulation (GDPR), a law going into effect next month that will require websites to offer users greater control over their own data and be more upfront about how they collect and use personal information.
Critics say that Facebook has been using the changes for GDPR as a way to deflect concerns that bubbled up following the Cambridge Analytica scandal. And many who support the GDPR worry that Facebook is only doing the bare minimum required by the law.
It doesn’t help that media reports appear to show Facebook is waffling on its commitment to extend new privacy protections required under the European law to users around the world. Reuters reported this week that Facebook is tweaking its user agreements so that effectively only Europeans will be using a service governed by GDPR.
“It's a disgrace that Facebook has not confronted the challenge of GDPR to change its overall business model,” said Jeff Chester, the executive director of the Center for Digital Democracy. “What we're getting from Facebook are just more controls for people to opt out instead of a reduction in the collection and use of our data.”
Facebook declined to respond to specific criticisms, but denied that the changes to user agreements mean that users outside of Europe will have fewer privacy protections.
“The GDPR and EU consumer law set out specific rules for terms and data policies which we have incorporated for EU users," Stephen Deadman, Facebook's deputy global privacy chief, said in a statement to The Hill. "We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.”
Privacy advocates have called for Facebook to change its user settings to minimize the amount of information that the website collects by default. They argue that internet companies should make it so that users must give affirmative consent for data collection and that such consent should not be a condition for using their services.
Those practices will be required by law in Europe when the GDPR goes into effect on May 25.
Meanwhile, the Cambridge Analytica scandal has spurred calls in the U.S. for comprehensive privacy legislation.
But any proposals in Congress appear to have a long battle ahead of them before becoming law, and internet giants will likely continue to fight any efforts to impose stiffer regulations.
Allie Bohm, a policy counsel for the consumer group Public Knowledge, says that in the absence of laws governing data practices in the U.S., Facebook and other tech companies have a responsibility to re-evaluate their policies and their relationships with their users. But she argues that the burden lies with policymakers to ensure that internet users in the U.S. have a right to more control over their personal information.
“We need to be looking at comprehensive privacy legislation that covers everyone who has our private information, not simply concerned with whether Facebook is coming up with good policies today,” Bohm said. “There's nothing that Facebook can do that's going to make me say, 'Oh, they solved the problem, now we don't need legislation.' "