Facebook CEO Mark Zuckerberg shakes hands with House Energy and Commerce Committee member Rep. Richard Hudson, a Republican from North Carolina, at the conclusion of a hearing on Capitol Hill on Wednesday. Zuckerberg said Facebook would welcome the “right regulation” of how it collects and uses data.
Chip Somodevilla / Getty Images
What if more privacy was the law?
The European Union has already made it so with its General Data Protection Regulation, which gives users the ability to request information on who has their data, as well as the right to ask for copies of it or have it deleted. Until recently, it seemed like that law would have only limited benefits for people outside of Europe.
One possible benefit to people in the US is that companies might decide to extend the law’s privacy protections to users worldwide. And the rules requiring companies to notify users of data breaches could lead to people around the globe learning about any breach affecting Europeans.
But now the law’s reach in the US could be much bigger. That’s because privacy experts say it’s become more likely that lawmakers will enact regulations in the US that borrow from the EU’s law, commonly called the GDPR. That would mark a sea change in the way the federal government approaches privacy regulations.
This is all thanks to the Cambridge Analytica scandal plaguing Facebook, in which a political consultancy in the UK improperly accessed information on as many 87 million of the site’s users. On Tuesday and Wednesday, members of Congress from both sides of the political aisle repeatedly asked Facebook CEO Mark Zuckerberg whether he would commit to being regulated.
In response to the question of whether Facebook would welcome regulation, Zuckerberg told senators Tuesday, “I think if it’s a right regulation, then yes.”
Taking regulation to the next level
Lawmakers have introduced many privacy-oriented bills in both houses of the legislature before now, but they’ve all had a narrow focus.
After the Equifax hack in September, which compromised the personal information of nearly 148 million people, lawmakers introduced bills that would give consumers more control over the data that credit reporting agencies can collect on them, require businesses to inform consumers of data breaches and impose fines. What’s more, Rep. Marsha Blackburn, a Republican from Tennessee, introduced the Browser Act in 2017, a bill that would require web-based services to let users opt in or out of having their data collected.
On top of that, privacy in the US is already regulated to some extent by both the Federal Trade Commission and the Federal Communications Commission.
This regulation doesn’t have the teeth of GDPR, which levies steep fines against companies for violating the rules. Those penalties can go up to 20 million euros or 4 percent of a company’s annual revenue — whichever is higher.
Zuckerberg on privacy regulation
Zuckerberg’s questioning in two separate congressional hearings marked the most high-profile public discussion of enacting broader privacy regulations we’ve seen yet.
On Tuesday, Sen. Lindsey Graham, a Republican from South Carolina, pressed Zuckerberg on whether Facebook would welcome being regulated. After the Facebook CEO said the company would welcome the “right regulation,” Graham followed up by asking if Zuckerberg thinks the Europeans have got it right.
“I think that they get things right,” Zuckerberg said, triggering laughter.
On Wednesday, Rep. Scott Peters, a Democrat from California, asked Zuckerberg what specific parts of the GDPR he thinks are a good idea.
“In general, it is going to be a very positive step for the internet,” Zuckerberg said. He said many of the rights given to users by the law to control data were already on offer from Facebook.