You’ve been Zucked: Facebook boss refuses to face-off with Brit MPs

Committee rages at snub, says homework isn’t good enough

A letter (PDF) from the social network to the Digital, Culture, Media and Sport Committee made it clear that MPs’ threat of a formal summons the next time Zuck lands in the country hadn’t scared the CEO into giving evidence in person.

“While Mr Zuckerberg has no plans to meet with the committee or travel to the UK at the present time we continue to fully recognize the seriousness of these issues,” wrote Facebook’s head of public policy in the UK, Rebecca Stimson.

To which committee chair Damian Collins raged that if the exec truly recognised the seriousness of the issues, “we would expect that he would want to appear in front of the committee and answer questions that are of concern not only to Parliament, but Facebook’s tens of millions of users in this country”.

At the same time as threatening Zuckerberg with a summons, the committee issued Facebook 39 questions it said CTO Mike Schroepfer had failed to answer in his evidence to MPs.

Man eats toast while looking at watch, clearly late for something. Photo by Shutterstock

It has today published Facebook’s answers, which were submitted to the committee yesterday – some three days after the deadline – and, somewhat unsurprisingly, the MPs said that these also fail to fully address their concerns.

“It is disappointing that a company with the resources of Facebook chooses not to provide a sufficient level of detail and transparency on various points,” said Collins.

“Given that these were follow-up questions to questions Mr Schroepfer previously failed to answer, we expected both detail and data, and in a number of cases got excuses.”

Areas where Zuck & co failed to meet the committee’s exacting standards included Cambridge Analytica, dark ads, Facebook Connect, data collection across the web and the firm’s budgets for investigations.

For instance, Facebook said that “due to system changes” it didn’t have any records on enforcement action taken against apps between 2011 and 2014 – the latter being the year that Facebook announced plans to stop devs slurping data on users’ friends.

Undeterred, Facebook answered a different question, saying that as of 2014, it had reviewed all apps seeking access to anything beyond basic data fields and rejected about half of those – some 299,000 apps in total. It added that it had taken action against 370,000 apps in 2017.

The biz also failed to say how many people had been added to the app review team since 2014, but reiterated plans to double the number of people who work on safety issues overall – from 10,000 to 20,000 – this year.

The question over how many clicks or swipes it takes for users to change their privacy settings was also dodged. Recent changes mean the biz can trumpet the fact this process now takes just three clicks; but up until the Cambridge Analytica scandal, it was notorious for its buried opt-outs with settings spread across 20 pages.

On political advertising, dark ads and Cambridge Analytica, Facebook broadly failed to give the level of detail the committee clearly craved – repeatedly pointing instead to its new “view ads” tool and referring to previous evidence.

But it’s also worth noting the way the MPs phrased some of these questions allowed Facebook this wiggle room – and opened up the avenue for debate on what a “real” answer would be.

The Social Network also offered a more detailed answer to why it changed its policies so some 70 per cent of its users – who are in Africa, Asia, Australasia and Latin/South America – no longer have Facebook Ireland as their data controller.

Beefeater

The move has been slammed by critics because it effectively slips 1.5 billion users out of the rights offered under the General Data Protection Regulation.

During his evidence session, Schroepfer said this was at the request of “people” in these countries, who wanted to work with a local regulator rather than Facebook Ireland.

In its latest response, Facebook added a little more colour – although the answer is unlikely to satisfy privacy experts.

“We’ve received strong feedback from regulators and judicial systems outside of Europe that they want us to be directly responsive to them and not be required to go through Europe on data protection matters,” Facebook said.

However, it added that the move allows it to tailor its data policy for each country, claiming that the requirement under GDPR to describe the legal basis that applies to each form of data processing “is not a concept that has any relevance outside Europe”.

There were a couple of new insights, such as detail on the extent of Facebook data gathering across the net. Between 9 and 16 April, the Facebook Like button appeared on 8.4 million websites, the Share button on 931,000 websites, and there were 2.2 million Facebook Pixels installed, the biz said.

Facebook also fired a parting shot at the committee, as it pointed out that it had held lengthy meetings and evidence sessions across the world, provided written submissions and that “one of the most senior people in the company has given 5 hours of testimony” to the MPs.

“We were disappointed after providing a very significant amount of information to the committee at the last hearing that the committee declared our response insufficient,” the letter stated.

You can imagine what the biz will be saying about the MPs’ response to today’s 40-page reply. ®