Moments before the most maligned tech entrepreneur in the world arrived in a government hearing room in Washington, D.C., this week, aides slipped a cushion on the chair he would be sitting in.
Facebook co-founder Mark Zuckerberg is 5 foot 7. If he was going to submit to a ritual grilling from members of Congress, the youthful-looking mogul wasn’t going to appear small doing it.
Public hearings are political theatre; the one this week in the United States was staged to express outrage and concern about the worrisome revelations related to the unauthorized use of Facebook data by the political consulting firm Cambridge Analytica.
But while the spectacle may have been occasionally entertaining, it certainly wasn’t necessary. The current scandal notwithstanding, we have known for a very long time about Facebook’s troubling practices around data security and user privacy.
Mr. Zuckerberg himself has a lengthy history of apologizing for the misuse of data, all the way back to his first public expression of contrition after he accessed the personal data of his fellow Harvard students without consent – in 2003, a year before Facebook launched.
There is no history, however, of holding him and others like him to account. No major economic sector has regulatory terms as lax as those enjoyed by internet-related companies. That is the fault not of the people who have sought tougher rules, but of the governments who acquiesced to lobbyists for a business that has come to be known by the troubling name of “surveillance capitalism.”
Anyone who actually wants to regulate this industry faces numerous challenges, however.
For instance, it will be difficult to craft rules that solve the conundrum of whether it’s even possible for companies like Facebook to provide affirmative, informed consent for the complicated and ever-changing things being done with our data. No doubt, coders in Silicon Valley are working this very minute to find new and more intrusive ways of mining the information we willingly gave to internet companies under soon-to-be-outdated terms.
Another challenge lies in the fact that governments often have no idea what companies like Facebook are up to in the present, let alone what they will do down the road. Despite Mr. Zuckerberg’s carefully crafted answers at the hearings this week, he revealed several startling facts.
It turns out that Facebook can gather information about people who don’t even have Facebook accounts, and it does so without seeking consent. As well, it is able to harvest browsing data after users have exited the company’s app, and it tracks commercial transactions even when they aren’t explicitly shared.
The biggest challenge for regulators, however, is that well intentioned rules can lead to unforeseen consequences. As the Electronic Frontier Foundation and other civil liberties organizations have warned, the biggest threat is one of censorship. Regulating the tech sector requires care.
Thankfully, some governments are leading the way. The European Union’s General Data Protection Regulation (GDPR) will come into force on May 25. Several of its provisions are already mirrored in Canadian law, but the EU rules also contain ideas that could help reform a regime that the federal privacy commissioner, Daniel Therrien, described last month as “archaic.”
For instance, the EU is mandating simplified user agreements, a qualified right to be forgotten (i.e., the right to have outdated news stories removed from the internet), and the compulsory reporting of data breaches by companies.
Other ideas are gaining currency within the privacy community. A big one is setting an expiry date on personal data held by companies, after which it must be deleted unless consent is explicitly, positively reaffirmed. Another is to make privacy the default option for users; for their data to be shared, they have to expressly opt in.
By its own admission, Facebook is able to build profiles of people who aren’t even on its platform. It is everywhere, gathering data with almost no oversight, all for profit. Mr. Zuckerberg was asked at one point if he might entertain changes to that model; he was steadfastly non-committal.
In the absence of a clear answer, governments will have to provide one.