Facebook ‘Sorry’ seems to be the hardest word
Facebook boss issues no apology but says he will halt data misuse
● It took five days for Mark Zuckerberg, Facebook’s founder and CEO, to publicly respond to reports that data from 50-million users had been leaked to Cambridge Analytica, the data analytics company that worked for the Trump campaign.
When he finally spoke, many believed his response was not enough to ease the political pressure on the social network. Zuckerberg admitted making mistakes, but he was seen as dispassionate and did not say sorry. Critics felt he did not go far enough.
The 33-year-old laid out a six-step plan to improve privacy protection for users, but did not explain why Facebook had failed to do more when told about the leak in 2015.
In an interview with CNN, Zuckerberg said he regretted not telling affected users at the time.
Brian Wieser, an analyst at Pivotal Research, said: “It is the minimum necessary thing at this particular moment, but it does nothing to allay all the concerns.
“I think they will be hauled in front of politicians and they will have to take it. And there will be more bad press.”
Wieser, who has a “sell” rating on Facebook, said there was evidence of systemic mismanagement at the social media company, including violating political advertising laws, failing to take down illegal content and providing false metrics to advertisers — on top of the reported leak.
Daniel Ives, head of technology research at GBH Insights, was hopeful that Zuckerberg’s breaking of his silence would reassure users, advertisers and investors that Facebook was getting on top of the problem and putting the “PR nightmare” behind them.
“There is still more work to be done for Facebook to restore confidence and make sure regulatory crosshairs do not meddle with its business, both in the beltway [Washington] and EU. However, we continue to be buyers on weakness in shares of Facebook as we believe a lot of this bad news is now priced into the name,” he said.
Other analysts were pleased the Facebook boss did not go further. Ben Schachter, an analyst at Macquarie, said Zuckerberg allayed most of his fears that Facebook would “propose radical changes that would impact the business model”.
He added: “Our worry was that Facebook, at Zuckerberg’s direction, could take more radical actions than it has in the past to limit the use of audience segmenting, ad-targeting, data-sharing, and other privacy-related issues that could lower the monetisation of Facebook data,” he said.
Facebook appears to have made a PR shift. Earlier in the week, a spokesperson said the company was “outraged” that it had been “deceived” by Cambridge Analytica. The UK data company had said in 2015 that it had deleted the Facebook data it had obtained without users’ awareness, a position it maintained in view of the recent scandal.
But on Wednesday, Zuckerberg said Facebook took ownership of protecting its users’ data, and that he was personally responsible for everything that happened on the network. In a 900-word Facebook post and a separate press release, he laid out a plan to improve privacy, and said he would testify before politicians — if he was the right person to do so. He said he did not object to every attempt to regulate the social network.
Some measures were specifically targeted at the current case: Facebook pledged to inform users whose data was misused by apps, including those whose data was harvested by the thisisyourdigitallife survey app, the online questionnaire that generated the data used by Cambridge Analytica.
On CNN, Zuckerberg said Facebook would search for other “Cambridge Analyticas”, developers that had accessed data in contravention of its terms and conditions. If Facebook removed an app for misuse in the future, it would tell users.
Other parts of the proposed plan were broader, including some changes already in train as the company prepares to comply with the EU’s General Data Protection Regulation, which comes into force in May.
The company will restrict the data that apps which use Facebook to log in can receive, and turn off their ability to access data in apps that a user has not opened.
Facebook also said it would roll out a privacy checkup to remind people to examine which apps already have their data and expand its bug bounty program, so outside security researchers are rewarded for reporting misuse of data by app developers.
Privacy activists, however, believe the proposals do not go far enough. Corynne McSherry of the Electronic Frontier Foundation said it was a “good start” but Facebook should admit it was a big mistake to rely on Cambridge Analytica’s word that the data had been deleted — and should have told users when it learnt of the misuse.
The company needed to allow independent privacy audits for real transparency, she said. “Facebook is still asking us to trust them to make this right. They’ve already shown us that we can’t trust them.”
Facebook has faced previous privacy scandals. The Electronic Privacy Information Center is one of the organisations that complained about the company’s privacy protection to the US Federal Trade Commission in 2011, a case which resulted in a 20year privacy agreement with the commission.
Jeff Chester of the Center for Digital Democracy said Zuckerberg’s plan was “insufficient baby steps”. It was Facebook’s business model, not the external app developers which used it, that was at the core of its privacy problems, he said. Facebook should stop working with data brokers to build more detailed profiles and no longer track users across the internet.
“Facebook needs to engage in a wholesale revision of how it gathers and monetises our information.” Financial Times
They’ve already shown us that we can’t trust them Corynne McSherry Legal director of the Electronic Frontier Foundation