Europe’s parliament calls for full audit of Facebook in wake of breach scandal

The European Parliament has called for a full audit of Facebook following a string of data breach scandals —  including the Cambridge Analytica affair.

MEPs are urging the company to allow European Union bodies to carry out a full audit to assess data protection and security of users’ personal data, following the scandal in which the data of 87 million Facebook users was improperly obtained and misused.

In the resolution, adopted today, they have also recommended Facebook make additional changes to combat election interference — asserting the company has not just breached the trust of European users “but indeed EU law”.

We’ve reached out to the company for comment on the parliament’s resolution.

Earlier this month the EU parliament’s civil liberties committee adopted a similar resolution, calling for a full and independent audit of Facebook and for the company to make further changes to its platform.

The Libe committee also called for an update to EU competition rules to reflect what it dubs “the digital reality”, and investigation of what it called the “possible monopoly” of big tech social media platforms.

Commenting in a statement today, following the parliament’s vote, civil liberties committee chair Claude Moraes said: “This is a global issue, which has already affected our referenda and our elections. This resolution sets out the measures that are needed, including an independent audit of Facebook, an update to our competition rules, and additional measures to protect our elections. Action must be taken now, not just to restore trust in online platforms, but to protect citizens’ privacy and restore trust and confidence in our democratic systems.”

The resolution follows an appearance by Facebook’s founder Mark Zuckerberg in front of the EU parliament’s Conference of Presidents in May, and a series of parliament committee hearings including with Facebook staffers.

The EU’s tough new data protection framework, GDPR, only came into force this May — so the Cambridge Analytica breach is being handled under the bloc’s prior data protection framework, comprising a patchwork of Member State laws.

And earlier today a fine handed to Facebook for this breach by the UK data watchdog was upheld. The £500k penalty is the maximum possible fine under the country’s prior data protection regime.

In the new resolution, MEPs have suggested the data obtained by Cambridge Analytica may have been used for political purposes, by both sides in the UK referendum on membership of the EU and to target voters during the 2016 US presidential election — describing it as a matter of urgency that electoral laws be adapted to take account of digital campaigning. (Clearly with an eye on the upcoming EU elections, next May.)

To combat electoral meddling via social media, MEPs are proposing:

  • applying conventional “off-line” electoral safeguards online: rules on spending transparency and limits, respect for silence periods and equal treatment of candidates;
  • making it easy to recognise online political paid advertisements and the organisation behind them;
  • banning profiling for electoral purposes, including use of online behaviour that may reveal political preferences;
  • that social media platforms should label content shared by bots, speed up the process of removing fake accounts and work with independent fact-checkers and academia to tackle disinformation;
  • investigations should be carried out by member states with the support of Eurojust, into alleged misuse of the online political space by foreign forces.

In the UK a parliamentary committee also recently urged the government to prioritize updating electoral law to take account of digital risks to democratic processes. Although the government has so far only taken a cautious approach, saying it’s still gathering evidence via a series of reviews into different aspects of the issue.

Meanwhile Facebook has been rolling out its own system of checks on political advertisers in certain regions — including the UK.  Though MEPs evidently believe the company needs to go further.

The UK’s DPA also previously called for an ethical pause on political microtargeting via online platforms, saying it had a number of concerns about how data is being used and potentially misused.

Update: A Facebook spokesperson pointed us to its earlier statement after the Libe committee resolution on the same issue, in which it states: “We are grateful to the European Parliament for the number of opportunities to come and explain the changes we have made to our platform. We are working relentlessly to ensure the transparency, safety and security of people who use Facebook. Over the last months we have developed sophisticated systems that combine technology and people to prevent election interference on our services. This is part of a broader challenge for us at Facebook to be more proactive about protecting our community from harm and taking a broader view of our responsibility overall.”