This note will be updated as and when witnesses appear in front of various committees that are addressing the topic of misinformation and the use of personal data.
International Grand Committee on Disinformation
Tuesday 27 November 2018 from 19:30 (GMT)
House of Commons Digital, Culture, Media and Sport Committee
Richard Allan, VP Policy Solutions, Facebook
Elizabeth Denham and Steve Wood, Information Commissioner’s Office
Ashkan Soltani, former Chief Technologist at the US Federal Trade Commission
Richard Allan
Allan was immediately quizzed in a thorough way by MPs of the UK and Canada, who lamented Facebook’s lack of accountability and of willingness to respond to questions. UK MP Ian Lucas noted that, while the company says it blocks applications which do not respond to Facebook’s behaviour and privacy standards, in practice they are unable to provide examples of when they have done so.
Allan highlighted how Facebook is working on transparency tools to shine more light on political advertising. These are being implemented in the US, UK, and Brazil. This is made up of three elements: a registry where one can see all ads being run; a verification system to check who is behind each ad; and an archive where all ads are stored. Allan also said the company is now building Whatsapp into its thinking around election integrity.
In general, Allan echoed Zuckerberg’s stance on regulation, saying Facebook accepts that it will have to be regulated. It is up to parliaments to come up with the framework, he said, and welcomed efforts to set out transnational rules. However, the company remains reliant on a business model driven by engagement.
Allan was vague on the issue of liability, saying that Facebook does not agree with the idea to have full liability for the content published on the platform; at the same time, total exemption would also be unrealistic. This is a partial concession to the idea of platforms’ liability, which Facebook and other tech giants have strongly opposed until recently.
Allan referred to recent developments in France, where regulators will monitor Facebook’s businesses practices for six months and make suggestions and proposals accordingly, saying he’s confident French authorities will in turn share their learnings with regulators in other countries.
Elizabeth Denham
Denham noted the importance of connecting with the most senior management figures at Facebook and other tech companies when carrying out investigations. “It is important that we connect with senior officials in the US, not just the European representatives”.
Denham welcomed the creation of the International Grand Committee as “this is truly a global issue”. Regulators need the tools to work together across borders.
Denham defended the £500k fine recently ruled on Facebook, saying it was the highest possible under the old framework. “It would have been significantly higher under GDPR”. The Commissioner said she is happy with the tools of the new regulatory framework, including collaboration across data protection authorities, and noted that “the time for self-regulation is over”.
Denham welcomed recent efforts made by Facebook to improve its practices, but noted that it is important that regulators “keep their pressure on”. She found disappointing that Facebook did not put sufficient resources in protecting users’ data, and reminded that the ICO continues to monitor Cambridge Analytica’s executives despite the fact that the company no longer exists.
Ashkan Soltani
Soltani invited MPs to focus on Facebook’s business model, which relies on engagement and use of personal data. This means that certain practices may not be simple mistakes, and might instead be inherent to the company’s objectives.
Responding to a question of a Canadian MP, Soltani agreed that the company needs to do more in responding to questions coming from regulators, whereas it has been very active in lobbying legislators to achieve more favourable outcomes. In particular, he noted Facebook officially supported the stringent privacy legislation recently passed in California, while privately lobbying for a weaker framework.
Soltani predicts that a US privacy framework will now be passed by the next congress. It will be a federal framework which will preempt state-level legislation; it is likely to be lighter-touch compared to California’s rules, and to be based on some light forms of consent to use personal data.
Answering to a question, Soltani said he does not believe there is one person knowing everything at Facebook about the privacy issues it faced. However, he suggested policy makers should look to speak to COO Sheryl Sandberg rather than chasing Mark Zuckerberg.
US Congress – Foreign Influence Operations’ Use of Social Media Platforms
Wednesday 5 September 2018 at 09:30 (EST)
US Congress
Sheryl Sandberg, Chief Operating Officer, Facebook
Jack Dorsey, Co-Founder and Chief Executive Officer, Twitter
Video / Transcript
Here's what we learnt:
The Chairman opened the hearing by stressing how social media corruption and misuse was a real threat to democracy in the US and outlined its role in influencing operations. He stressed the need to be precise and candid with language when addressing these issue and candid about where responsibility lies.
He acknowledged that technology always moves faster than regulation and that these issues (and companies) don’t fit into the usual regulatory constructs of the past. If the answer is regulation then a dialogue is needed about what that looks like. If more resources are needed, then a discussion needs to take place about what is required.
There was agreement on the problems, as identified and that we are now at the stage of needing to identify the solution. The chairman acknowledged that no one company can fight this on their own and that it needs to be a collaborative effort, starting now.
Both Sandberg and Dorsey carried themselves well – willing to answer questions without an arrogance. Sandberg appeared to give more pre-prepared answers whereas Dorsey spoke more freely. Google was the biggest loser in the hearing having not put anyone forward. An empty chair was remarked upon countless times.
In terms of the actual responses from Facebook and Twitter, we didn't learn anything new that hasn't already been discussed in previous hearings. Facebook stated that it's not a question of 'whether regulation', but rather 'what regulation'. They don't think they should be an arbiter of what is true or false and so rely on the use of third-party fact checkers. Twitter hinted they were looking at producing an expanded transparency report which would include information on account suspensions.
Two questions which were dodged, or not adequately answered by either party were around whether there should be a valuation on the data of each user of either platform (and this be communicated to the user), and whether there should be data portability rules in the same way there are for number portability in telecoms.
The hearing was concluded by acknowledging 'the great strides' that had already been made by the two companies over the past year and both [Facebook and Twitter] were asked to flag any existing rules that might act as an obstacle for them to collaborate when fixing these issues.
Facebook, Cambridge Analytica and data sharing
Wednesday 6 June 2018 at 15:00 (BST)
House of Commons Digital, Culture, Media and Sport Committee
Alexander Nix, former CEO, Cambridge Analytica
Video / Transcript
Here's what we learnt:
After an awkward start, Nix emphasised that the Channel 4 undercover footage was not common of CA’s practices, his words were foolish, and they had not done or been involved in similar work elsewhere. He explained that CA was a company with a broad range of political ideologies and interests looking to use data to make the world a better place.
Nix stressed they haven’t ever been asked to undertake anything unethical by a client and did not have the capability to produce videos (in Kenya) allegedly associated with them. He claimed that political consultancy was only a quarter of the revenue and work done by the firm – “Most of the time is selling toothpaste, automotives, things like that".
Nix confirmed that Chris Wylie brought significant value to the company even if his working arrangement was temporary. Went onto to say it was him who introduced CA to the third-party app developer (that may have misused FB data) and was responsible for managing that relationship until he left.
FB data was a very small component of a much larger data set which was largely consumer loyalty data. Nix clarified his previous points about what data they had and as of when from GSR. Clarified that CA did have FB data (through GSR), but added that it was subsequently deleted. He refused to answer more about FB data because of ongoing ICO investigation other than to say that the data they received wasn’t fit for purpose and was deleted.
Nix turned his focus to attempting to further discredit Chris Wylie saying that he had intentions to establish his own company making use of a significantly larger set of data.
EU Parliament LIBE/AFCO/ITRE/JURI committees
Monday 4 June 2018 at 17:30 (CET)
EU Parliament LIBE/AFCO/ITRE/JURI committees
Sandy Parakilas – Chief Strategy Officer for the Center for Humane Technology (and former Operations Manager at Uber and Facebook)
Carole Cadwalladr – The Guardian
Elizabeth Denham – Head of the Information Commissioner’s Office (ICO)
James Dipple-Johnstone – Deputy Commissioner at the ICO
Christopher Wylie – Former Director of Research at Cambridge Analytica
David Carroll – Associate Professor at Parsons School of Design in New York
Video / Transcript
Here's what we learnt:
Sandy Parakilas praised GDPR and said most Americans would want something similar to protect their rights and privacy. However, he noted regulation should go beyond consent and aim for comprehension. Privacy policies are still designed to hit the “Agree” button straight away.
Carole Cadwalladr noted that tech companies were very secretive and protective until scandals broke out, and that journalist were finding particularly difficult to investigate these issues properly.
Elizabeth Denham argued that GDPR is an important step for law and authorities, and it is written “flexibly”. She noted that it gives stronger power such as the ability to order a company to stop processing data. She made similar remarks in a previous hearings to the UK Parliament’s DCMS Committee. Denham also argued platforms can no longer deny they are content providers, and should take responsibility accordingly. She announced a detailed report coming up from the ICO, with recommendations to go beyond the geographic scope of the UK.
Responding to MEP’s questions, Denham noted that “only time will tell” whether the action taken by Facebook is enough to avoid a new scandal. She also admitted that other platforms might have engaged in practices similar to those carried out by Facebook, as there is a general lack of transparency.
Parakilas agreed that there is a “toothpaste and tube” problem, in that it is difficult to go back for products and services which have already been built. He also said that, while Facebook denies being a monopoly, he believes the company does operate in conditions similar to a monopoly, and that competition is almost non-existent.
EP Conference of Presidents
Tuesday 22 May 2018 at 18:15 (CET)
European Parliament’s Conference of Presidents (President and political group leaders)
Mark Zuckerberg – founder and CEO of Facebook
Video / Transcript
Here's what we learnt:
Zuckerberg stressed the progress made by Facebook on a number of fronts, including the identification of fake accounts and hateful content through AI, and the increased transparency in advertising. He said Facebook’s systems can now flag 99% of such content before it is even published.
Restated he expects regulatory measures. “The questions is not whether or not there should be regulation. The question is, what is the right regulation”. He made a case for a framework that didn’t stifle new technologies and didn’t burden start-ups unduly. This is the same case he made in his hearing before the US congress in April.
Rejected the argument of a lack of competition in the market. He noted that the average user has about eight different tools to communicate, which is a sign of a competitive landscape and forces Facebook to invest to stay on top of its game. He also argued that advertisers have a choice, as Facebook only takes up 6% of the global advertising market.
Reassured that, due to the changes made in 2014, it is now impossible for app developers to make another Cambridge Analytica scandal happen. However, he expects more apps to be taken down as Facebook continues to review the apps currently accessing the platform.
Committed to follow up in writing to all the questions submitted by the MEPs, many of which were unanswered due to time constraints.
Facebook, Cambridge Analytica and data sharing
Thursday 26 April 2018 at 10:30am (BST)
House of Commons Digital, Culture, Media and Sport Committee
Mark Schroepfer, Chief Technology Officer, Facebook
Video / Transcript
Here's what we learnt:
Schroepfer stressed Facebook’s intention to enhance transparency and accountability with regard to political advertising. Facebook is committed to mark political ads clearly, and disclose who paid for each of them. This will also be rolled out ahead of the UK’s next elections in 2019.
Schroepfer admitted Facebook was very slow at identifying the issue of foreign advertisers running political ads on the platform, particularly ahead of the 2016 US elections in particular.
The Committee asked Schroepfer why Facebook did not notify the users affected by the data breach immediately after it found out Cambridge Analytica obtained their data illegally. Schroepfer argued they were primarily concerned about ensuring users’ data was safe at the time, but did not explain why the company did not tell users immediately about this.
Asked about which forms regulation should take, Schroepfer said it should aim to assure “user control, safety, and transparency”.
Schroepfer assured Facebook will aim to have “full compliance” with GDPR, and will roll out some of the “GDPR basics to other countries. He was asked why Facebook is moving data outside of Ireland, and argued this will allow Data Protection Authorities in other countries to have a say in relevant cases, rather than leaving this to the Irish authority.
The Committee repeatedly asked Schroepfer whether the statements made by Simon Milner in a previous hearing in February were inaccurate or false, and did not seem to be convinced by Schroepfer’s reassurances. It is likely that, despite Zuckerberg’s refusals, the Committee will try again to hear Facebook’s CEO.
Facebook, Cambridge Analytica and data sharing
Tuesday 24 April 2018 at 10:30am (BST)
House of Commons Digital, Culture, Media and Sport Committee
Dr. Aleksandr Kogan, Department of Psychology, University of Cambridge
Video / Transcript
Here's what we learnt:
Kogan said Facebook sent him initial data sets for academic purposes, without a written agreement. The data did not allow identification of individuals. Kogan would have held onto the data to use it for other purposes, but deleted it once FB asked him to do so.
Kogan defined assurance that data is deleted as a “honour system”, whereby Facebook trusted recipients of data to have deleted them, without carrying out any other due diligence.
Kogan claimed to have deleted data “As far as possible”, including models and algorithms derived from them. He conceded there may be some summary files still available somewhere. “I certainly do not use anything” of the data collected by the app now.
Kogan refused to admit he broke Facebook’s terms and conditions. While he admitted his behaviour may have departed from what was in the terms of service, he argued those were not a valid policy, and claimed such policy “does not exist”.
Kogan accused Cambridge Analytica’s former CEO Alexander Nix of lying. He defined Nix’s denial to have received data from him as a “total fabrication”.
Facebook, Cambridge Analytica and data sharing
Tuesday 17 April 2018 at 10:30am (BST)
House of Commons Digital, Culture, Media and Sport Committee
Brittany Kaiser, former employee, Cambridge Analytica
Here's what we learnt:
Cambridge Analytica agreed to delete FB’s data even though it was not violating any contractual obligation. It took several months to delete the data, and FB contacted CA only in December 2015. CA deleted data in January 2016.
Kaiser found incredibly irresponsible that a company with as much money as FB had no due diligence mechanism to protect users’ data. She didn’t know whether the data was deleted, but CA’s COO said “Let’s delete it” to FB.
She noted it is easier to get data from US people compared to UK. US is by default opt-in country, whereas UK and other EU countries you need proactive opt-in”
Kaiser argued there is no transparent structure for one to understand what data is being collected, where it exists, who is it shared with, how is it used.
No easy way to understand portability and right to delete. Something that requires lawyers, and a lot of money. Also, no easy way to monetise data for users themselves
Kaiser highlighted that the sole value of big tech companies is due to the huge amount of personal data they hold from people all around the world.
DCMS Committee chairman Damian Collins suggested the Committee will now look into the role of Facebook’s groups more thoroughly.
CA’s CEO Alexander Nix has refused to appear before the Committee on 18 April 2018. Chairman Damian Collins said they aim to issue a summon to force him to deliver witness.
Facebook: Transparency and Use of Consumer Data
Wednesday 11 April 2018 at 10:00 (EST)
Congress Committee on Energy and Commerce
Mark Zuckerberg, Chairman and CEO, Facebook Inc.
Here's what we learnt:
Facebook was asked numerous times whether it would adopt the same level of protection and rights for US users as the EU’s General Data Protection Regulation
US lawmakers are starting to see the case for a comprehensive data protection framework with GDPR being the benchmark
FB will extend the privacy safeguards guaranteed by GDPR to US users. Zuckerberg also admitted FB will work to improve ways users grant consent to data treatment
Zuckerberg admitted the need for better tools to fight offensive content online, including the need to use AI
Opt-in mechanisms to prevent or stop data treatment were described as a “minefield” which requires rewriting in “pedestrian language”
Regulation is seen as being necessary or “inevitable” by FB and although might be easy to comply with by a large, established business – difficult for a small start-up
FB does not store data in Russia, and is not aware of any data obtained by Russia. Zuckerberg went as far as saying FB was “at arms’ race with Russia”
Zuckerberg rejected an alleged “liberal bias” of the platform, and noted FB’s content reviewers are based in several places around the world rather than just Silicon Valley
