Yesterday, the New York Times reported that the company had special relationships with a handful of major tech companies, including Amazon, Microsoft and Spotify. The report alleges that Facebook allowed those partners forms of user data access that the company claimed it had curtailed prior to this year’s revelations around Facebook’s data sharing with Cambridge Analytica.
Facebook predictably pushed back against the report in a blog post, claiming that “none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.”
While Facebook dismisses much of the current criticism as a mischaracterization of these data sharing relationships, a number of lawmakers are, naturally, using the situation to nudge forward their own regulatory agendas.
Oregon Senator Ron Wyden, one of the fiercest privacy advocates in Congress, released a statement on the news: “Mark Zuckerberg had a lot of chutzpah telling Congress that Americans could control their data, when seemingly every other week Facebook faces a new privacy scandal for abusing our personal information,” Wyden said.
“When companies repeatedly lie to Congress and the American people about what they do with our messages, location, likes and everything else, Congress has a duty to do something about it.”
Wyden pointed to his own proposed legislation, the Consumer Data Protection Act, released as a discussion draft in early November. The legislation would empower the Federal Trade Commission to punish companies with meaningful fines (up to 4% of annual revenue) and even “10-20 year criminal penalties for senior executives.”
The bill also proposes a national Do Not Track system to protect user privacy, minimum cybersecurity standards and a means for consumers to review what personal data has been collected about them and what entities it has been sold to or shared with.
“I wrote a tough new consumer privacy bill to punish companies – and even put CEOs in jail – if they lie about protecting your privacy. Clearly these people need some skin in the game before they will take Americans’ privacy seriously,” Wyden said of the bill.
Hawaii Senator Brian Schatz weighed in as well, also recommending that the FTC be given the power to oversee and punish large tech companies that trade in user data.
Senator Amy Klobuchar tweeted “@nytimes Facebook report today must = FTC penalties & privacy legislation,” echoing the idea of empowering the FTC to police big tech. Klobuchar also pointed to her own bipartisan privacy bill, the Social Media Privacy Protection and Consumer Rights Act, co-sponsored by John Kennedy (R-La.). That bill would force companies to make terms of service more simple and comprehensible and allow users to request to have their data (actually) deleted.
If Wyden’s proposal is aggressive, it’s also probably a good starting place for regulating big tech’s data brokers — that and cheating off the EU’s tough GDPR template. If the bill picks up any traction (and it’s new enough that we don’t know yet if it will) it’s likely to be watered down over time as lawmakers with a more lenient view of how big tech should be regulated look it over.
Of course, nothing in Congress happens quickly, especially considering the amount of money that tech’s biggest companies pour into Washington D.C. lobbying that makes a case for ongoing self-regulation. Still, with every new privacy stumble, Congress gets a notch more serious about regulation, even if it moves at a snail’s pace.