A Blog by Jonathan Low


Apr 11, 2018

Zuck Has Apologized And Suggested Changes. Now What?

European-style extreme data protection is unlikely in the US - but it does represent the worst case 'stick' that Congress is brandishing to force Facebook to embrace a somewhat more palatable 'carrot.' A number of the potential options from both Europe and the US are described below.

The challenge is that the regulatory options under US law are complicated and may neither satisfy critics - or solve the problem(s). That said, the gauntlet has been thrown down. Facebook had better pick it up fast or someone else will. JL

Natasha Singer reports in the New York Times, John McKinnon and Keach Hagey report in the Wall Street Journal:

Coming up with smart, effective rules to govern the huge businesses of Facebook and its rivals, from Google to Twitter , would be challenging, and sound legislation could take months, if not years, to execute. The goal would be to protect user privacy, increase transparency and give individuals greater control over their digital identities, while not stifling innovation in an industry that is the epitome of American ingenuity and entrepreneurship.
New York Times Next month, a comprehensive new data protection law goes into effect in the European Union, placing greater requirements on how companies like Facebook and Google handle users’ personal information. It also strengthens individuals’ rights to control the collection and use of their data.
Mark Zuckerberg, Facebook’s chief executive, said his company would offer its users all over the world the same privacy controls required under the European law.
What would that look like for Facebook users? That is still a work in progress. A Facebook spokeswoman said the company would provide more details about its plans in the coming weeks.
In the meantime, here are some of the general requirements and rights under the new European law. Although some of the practical steps that companies must take are still being worked out, several European privacy and consumer advocates, who had pushed for the new law, offered their thoughts on what Facebook might need to do to extend the protections to its users worldwide.

Minimizing Data Collection
The European law, called the General Data Protection Regulation, requires companies to collect and store only the minimum amount of user data needed to provide a specific, stated service. That means a flashlight app should not be asking users for access to their photos or contacts.
Anna Fielder, a senior policy adviser at Britain-based Privacy International, said she thought the new law would require the social network to change certain advertising and other settings to make privacy, and not sharing, the default. Currently, the company makes certain user profile details public by default. And the default advertising settings allow targeted ads based on a user’s relationship status, employer, job title, education and use of websites and apps.
Facebook currently has controls that allow users to choose who can see their posts. There is also a “privacy checkup” feature where users can adjust their sharing settings.
In a statement in response to questions, Rob Sherman, Facebook’s deputy chief privacy officer, said, “We need to do more to keep people informed and in control.” He noted that the company had recently introduced a new “privacy shortcuts” menu that centralized major privacy, security and ad settings. “These are just a few small steps and there’s more to come,” he said.
Obtaining Users’ Consent
The European law requires companies like Facebook and Google to use clear and plain language to explain how they will use their users’ personal details. The companies must also provide information about what other kinds of entities users’ data will be shared with. Digital platforms must also obtain consent from individuals for many uses of their data.
When companies want to use individuals’ data for a new purpose, they must explain that new purpose and obtain users’ permission. And companies must get special permission from users to collect and use sensitive details like health information, unless that data is clearly related to the purpose of the service, such as a diabetes management app.
That means Facebook will probably need to rework its data policy and terms of service, said Finn Lützow-Holm Myrstad, director of digital policy at the Norwegian Consumer Council, a nonprofit group in Oslo. He added that he thought the law would also require Facebook to give users more “real choices, not take it or leave.” The current data policy requires people who sign up for the social network to allow Facebook to, among other things, track them on many other apps and websites.
Mr. Sherman, Facebook’s deputy chief privacy officer, said that Facebook was updating its terms of service and data policy to ensure that it complied with the new European law. Those updates cover users worldwide, with legal variations in some places.
Algorithmic Decision-Making
The European law gives individuals the right not to be subject to completely automated decisions which significantly affect them. These decisions could include credit algorithms that use an individual’s data to decide whether a bank should grant him or her a loan.
Privacy International said the clause on automated decisions could allow consumers to challenge Facebook practices like political advertising, which can be sent to users based on algorithms, because the ads are meant to sway users’ votes.
Facebook currently has a section called “Your Ad Preferences” that allows users to opt out of seeing ads based on their relationship status, employer, education, interests, and use of websites and apps. Users can also hide ads related to three topics — alcohol, pets and parenting — or suggest a topic they would rather not see ads about.
Accessing Data About You
The European law gives people the right obtain a copy of the records that companies hold about them.

Facebook already allows users to download a copy of their information — such as the messages they have sent on the service and the status updates they have posted.
At the end of March, the company announced new tools to let its users see and delete information such as their friend requests and their Facebook searches.
But if Facebook wants to offer European-level privacy protection to all, it would also need to provide its users with the data that Facebook itself collected or created about them, including any categories, descriptions or behavior scores Facebook assigned to them, European privacy experts said. And it should provide users who seek their own records with any data that Facebook has obtained from tracking them around the web as well as any data that Facebook obtained about them from third parties, like data brokers, they said.
“You exercise your access rights and you have the right to know everything about you,” said Giovanni Buttarelli, the European data protection supervisor who oversees an independent European Union authority that advises on privacy-related laws and policies.

Wall Street Journal
Facebook’s data-privacy troubles are likely to prompt a raft of questions over how the government should regulate social-media platforms.
So, what might such regulation look like?
The question has grown urgent after Facebook acknowledged that political consulting firm Cambridge Analytica improperly accessed the private data of some 87 million users. In response, Congress, the Federal Trade Commission and even state attorneys general are deliberating regulatory options, as Washington senses growing public discontent with the status quo.
“I do think that we could be an incident or two away ... from the public demanding action,” said Sen. Mark Warner (D., Va.), who is focused on technology issues. “You could imagine a firestorm that would dwarf anything that’s come to date.”
Coming up with smart, effective rules to govern the huge businesses of Facebook and its rivals, from Google to Twitter , would be challenging, and sound legislation could take months, if not years, to execute.
The goal would be to protect user privacy, increase transparency and give individuals greater control over their digital identities, while not stifling innovation in an industry that is the epitome of American ingenuity and entrepreneurship.What follows is a guide to the most plausible options for those positioned to create the rules of the road, and the challenges to implementing them:
Pass data-privacy legislation: Congressional action to introduce new laws to protect the data of individuals would be the single most powerful step Washington could take. Other countries have taken such an approach, which involved delineating how companies can collect, share and utilize user data. But passing such legislation could be a heavy lift. Rep. Marsha Blackburn (R., Tenn.), an influential subcommittee chairman, introduced such a bill last year, but tech lobbyists beat back her effort.
Repeal tech’s legal immunities: Facebook, Google and other tech giants generally can’t be held legally responsible for the bad behavior of those who use their platforms, thanks to laws enacted when the internet was first blossoming in the 1990s. But lawmakers recently voted to end the legal immunity for websites that facilitate sex trafficking online, a big signal that Congress could take further steps to hold platforms more accountable.
“I think it’s a wake-up call,” Commerce Committee Chairman John Thune (R., S.D.) said when asked what the sex-trafficking bill might mean for privacy regulation and other potential curbs on Silicon Valley. “In the future, tech companies have to understand that it’s not the Wild West, and they have to exercise responsibility,” he said.
Leverage the FTC: As the government’s chief privacy regulator, the FTC is already conducting a sweeping investigation of Facebook’s privacy practices; and advocates believe it has a powerful case, contending the company violated terms of a 2011 FTC agreement concerning its user-privacy practices. “The FTC had a legal judgment against Facebook to prevent precisely the practice that occurred,” said Marc Rotenberg, president of the Electronic Privacy Information Center.


Post a Comment