Facebook CEO Mark Zuckerberg urged to adopt EU’s GDPR privacy rules globally

Facebook co-founder and CEO Mark Zuckerberg. Photo credit: Presidencia de la República Mexicana / Flickr (CC BY 2.0)

By Obert Madondo |  | Apr 10, 2018

A coalition of consumer and privacy groups from the US, Canada and the European Union is urging Facebook CEO Mark Zuckerberg to ensure that his company adopts the EU’s General Data Protection Regulation (GDPR) “as a baseline standard” for all Facebook users around the world.

“We write to you on behalf of leading consumer and privacy organizations, members of the Transatlantic Consumer Dialogue, in the United States and Europe to urge you to adopt the General Data Protection Regulation as a baseline standard for all Facebook services,” the the 70-member Transatlantic Consumer Dialogue (TACD) wrote in a letter (pdf) released Monday. “There is simply no reason for your company to provide less than the best legal standards currently available to protect the privacy of Facebook users.”

The coalition’s letter comes in the wake of the Facebook-Cambridge Analytica data breach scandal. Initial reports had indicated the Cambridge Analytica, which claims to have aided US President Donald Trump’s 2016 presidential campaign, had harvested the personal data of 50 million Facebook users. Last week, Facebook disclosed that the Vancouver-based data analytics company had actually harvested the data of up to 87 million users.

Last month, Cambridge Analytica whistleblower Christopher Wylie told the Observer:

We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.

Passed by the European Parliament in 2016 after a negotiation and adopting process that started in 2012, the GDPR comes into force on May 25. Under GDPR rules, Facebook would give its users around the world the same GDPR-mandated powers, tools and controls, including control over how companies use people’s digital data.

According to the Electronic Privacy Information Center (EPIC), a public interest research center based in Washington, DC.:

The purpose of the GDPR is to strengthen the fundamental rights of individuals and put users back in control of their personal data. The rules include data breach notification, coordinated enforcement, enhanced penalties, strengthened consent, and new measures to promote privacy innovation.

The coalition’s letter adds:

The GDPR helps ensure that companies such as yours operate in an accountable and transparent manner, subject to the rule of law and the democratic process. The GDPR provides a solid foundation for data protection, establishing clear responsibilities for companies that collect personal data and clear rights for users whose data is gathered. These are protections that all users should be entitled to no matter where they are located.

We favor the continued growth of the digital economy and we strongly support innovation. The unregulated collection and use of personal data threatens this future. Data breaches, identity theft, cyber-attack, and financial fraud are all on the rise. The vast collection of personal data has also diminished competition. And the targeting of internet users, based on detailed and secret profiling with opaque algorithms, threatens not only consumer privacy but also democratic institutions.

The coalition’s letter was released on the eve of Zuckerberg’s scheduled appearance before several US congressional committees this week. The coalition expects Zuckerberg to confirm Facebook’s “commitment to global compliance with the GDPR and provide specific details on how the company plans to implement these changes” during the hearings.

The coalition’s letter concludes with:

We urge you to make clear your commitment to comply with the GDPR standards in all jurisdictions for all users, and we hope that your leadership on this issue will prompt others to make similar commitments.

As part of its response to the scandal, last month, Facebook announced new privacy tools to “put people in more control” of their data. Last week, the company introduced new API changes that will “better protect people’s information while still enabling developers to create useful experiences.” According to the San Francisco-based Electronic Frontier Foundation, a nonprofit organization dedicated to defending civil liberties in the digital age, Facebook’s API changes “do a lot to lock away user information from third-party developers, but little to protect user information from Facebook itself.”

Obert Madondo is an Ottawa-based blogger, activist, photographer, digital rights enthusiast, former political aide, and former international development administrator. He’s the founder and editor of these blogs: The Canadian ProgressiveThe Zimbabwean Progressive, and Charity Files. Follow him on Twitter: @Obiemad