The Expert's View with Jeremy Kirk

General Data Protection Regulation (GDPR) , Governance & Risk Management , Privacy

Mark Zuckerberg's European Appearance: Thumbs Down

Awkward Questioning Format Gives Facebook CEO Room To Wriggle Away
Mark Zuckerberg's European Appearance: Thumbs Down
European Parliament President Antonio Tajani answers media questions with Facebook CEO Mark Zuckerberg. (Photo: European Parliament)

European parliamentarians finally had their opportunity on Tuesday to ask Facebook CEO Mark Zuckerberg questions about the social network's data handling and privacy practices.

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

But the session in Brussels, which lasted roughly 90 minutes, turned into a somewhat frustrating flop. Zuckerberg, who first resisted but eventually appeared before the U.S. Congress last month, had previously avoided testifying in Europe.

By all measures, European lawmakers asked tough questions of the Facebook CEO, according to a recording of the session. But the short format and awkward setup left little time for the lawmakers to probe the complexities of Facebook's platform. Zuckerberg, true to form, recycled much of the material he has said before, leaving onlookers and the public largely disappointed.

The anger towards Facebook stems from the acquisition of 87 million profiles by Cambridge Analytica, the now-defunct analytics firm that worked on President Donald Trump's election campaign for about five months, and which also worked with the "Leave" campaign during Britain's 2016 "Brexit" referendum on its EU membership (see Besieged Cambridge Analytica Shuts Down).

A Cambridge University professor passed the Facebook data to Cambridge Analytica in violation of Facebook's policies. Since then, Facebook has identified more than 200 other apps that may have also exposed user data. One such app - designed by a researcher who ended up at Cambridge - may have exposed data for 3 million Facebook users (see Report: Facebook App Exposed 3 Million More Users' Data).

Pointed Questions

Despite pointed questions and commentary from parliamentarians, the format of the session left much wriggle room for Zuckerberg, who started with an opening statement.

"Whether it's fake news, foreign interference in elections or developers misusing people's information, we didn't take a broad enough view of our responsibilities," Zuckerberg said in his prepared statement. "That was a mistake, and I'm sorry. It will take time to work through all of the changes we must make."

The parliamentarians then asked questions in order, with Zuckerberg being allowed to respond after all questions had been asked. The questions included ones that have been posed to Facebook before, including inquiries about its alleged collection of data on those who haven't registered for accounts, also known as its "shadow profiles."

MEP Guy Verhofstadt

Some of the sharpest commentary and questions came from Belgian MEP Guy Verhofstadt. He first complimented Zuckerberg by saying Facebook's Live product saved him from missing part of the hearing as he arrived late due to a strike in Paris.

Zuckerberg smiled, but the friendly rapport was short-lived, as Verhofstadt swiftly landed a rhetorical jab by questioning whether Zuckerberg truly had control of his company, noting that the CEO has apologized up to 16 times to the public over the past decade for various privacy missteps.

While proclaiming that he was a liberal believer in free markets, Verhofstadt nonetheless suggested that the only way to fix Facebook "is to have public regulation to do so."

GDPR Questions

Verhofstadt also questioned whether Zuckerberg was telling the truth when he said his company will comply with Europe's General Data Protection Regulation. The EU will begin enforcing GDPR, which is one of the strictest data protection regulations in the world, on Friday.

GDPR gives new rights to consumers, allowing them to see what data companies hold on them as well as to request that they delete that data. The regulation also imposes stern penalties for mishandling data, including fines of up to four percent of an organization's global revenue or €20 million, whichever is higher. Facebook has said it eventually plans to apply GDPR's principles worldwide (see Facebook's Zuckerberg Pledges Worldwide GDPR Compliance).

No Obligation

When the EU parliamentarians' questions were finished, Zuckerberg responded, referring to his own notes. This unorthodox format led to criticism that Zuckerberg skirted difficult questions, falling back on his well-practiced talking points, which were already largely heard during his Congressional testimony.

At a press conference afterward, European Parliament President Antonio Tajani fielded complaints from journalists about the format and admitted that the question phase lasted too long. But he implied that Zuckerberg's mere presence was notable.

"He's [Zuckerberg's] not obliged to come," Tajani said. "He's not a European citizen. So he responded to our invitation."

Later, Tajani attempted to put a positive spin on the proceedings while also reinforcing Europe's expectations of Facebook.

"Mark Zuckerberg apologised to European citizens," Tajani said on Twitter. "I expect Facebook and all other digital platforms to fully comply with the new, stringent data protection rules entering into force on 25 May."

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.