Mark Zuckerberg did little to help defuse digital advertising’s “creepy because it’s complicated” reputation during a congressional hearing on April 10 in the wake of Facebook’s Cambridge Analytica scandal. He may have even inflamed it.
Under questioning by Roger Wicker, a Republican senator from Mississippi, Zuckerberg revealed that not even Facebook’s CEO has a firm grasp on what information Facebook collects on people to target them with ads.
Wicker: “There have been reports that Facebook can track the user’s internet browsing activity even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?”
Zuckerberg: “Senator, I want to make sure I get this accurate. So it’d probably be better to have my team follow up afterwards.”
Wicker: “You don’t know?”
Here is a more precise answer: Yes, Facebook can track people’s internet browsing activity even after they have logged off of Facebook.
Facebook even updated its Cookies Policy last week to clarify that the company is able to collect “information about your use of other websites and apps, whether or not you are registered or logged in,” according to the revised policy that was published on April 4.
The previous version of Facebook’s Cookies Policy was less clear. That version specified that Facebook could still collect information about people using its own website and apps whether they or not they are registered users or logged in to Facebook but did not specify if that was the case for non-Facebook sites and apps.
Zuckerberg’s apparent uncertainty about how Facebook tracks people outside of its walled garden to target them with ads compounds the issue facing digital advertising in the wake of the Cambridge Analytica scandal. The more light that is shone on the tracking and targeting that goes on, the more aware people become of the shadows.
Early into Tuesday’s hearing, Iowa Senator Chuck Grassley asked Zuckerberg if Facebook has been able to identify companies that have improperly accessed Facebook user data other than Cambridge Analytica and CubeYou, which were both brought to Facebook’s attention by news outlets. Zuckerberg had to equivocate. He reiterated that Facebook is investigating who else may have improperly access data about Facebook’s users but did not include an important caveat that he has admitted elsewhere: Facebook may not succeed in completely containing that data.
Facebook’s questionable competence as steward of its data has raised another question that’s consequential not just Facebook but all of digital advertising: do Facebook and its ilk need to be regulated in the U.S. as they will soon be in Europe when the General Data Protection Regulation takes effect in late May?
Last week Zuckerberg said that Facebook would adopt policies and controls in countries outside of Europe that would be similar to those required under GDPR, and he repeated that commitment on Tuesday.
Coinciding with Tuesday’s hearing, Democratic senators Edward Markey and Richard Blumenthal introduced a bill that would appear to be the closest U.S. equivalent to GDPR, if passed into law. The CONSENT Act — the Customer Online Notification for Stopping Edge-provider Network Transgressions Act — would make it harder for companies like Facebook to collect people’s information by requiring them to ask people to opt in to such data collection and usage.
Blumenthal teased the bill during Tuesday’s hearing and asked Zuckerberg if he would agree to asking people to opt in rather than opting them in by default when they use Facebook. Zuckerberg hedged. “I think that that certainly makes sense to discuss, and the details matter a lot,” he said.
Zuckerberg also hedged when repeating that Facebook is open to being regulated in the wake of the Cambridge Analytica scandal “if it’s the right regulation,” he said. However the conditions of any regulation may not be up to Facebook.
“If Facebook and other online companies will not or cannot fix the privacy invasions, then we are going to have to, we the Congress,” said Bill Nelson, a Democratic senator from Florida. “How can American consumers trust folks like your company to be caretakers of their most personal and identifiable information? And that’s the question.”