Privacy Issues

Lawmakers Skeptical of Zuckerberg’s Promise to Enforce EU Privacy Rules in U.S.

Facebook CEO said his company would extend the General Data Protection Regulation requirements to all users

Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before the House Energy and Commerce Committee on April 11, 2018. (Photo by Chip Somodevilla/Getty Images)

Facebook Inc. Chief Executive Mark Zuckerberg told a congressional panel Wednesday that his company plans to extend stricter European Union privacy policies to the United States, but some lawmakers aren’t convinced that the social media platform is committed to granting Americans the same protections as European users.

During testimony before the House Energy and Commerce Committee, Zuckerberg told Rep. Gene Green (D-Texas) that Facebook would extend the EU’s General Data Protection Regulation requirements to all users, adding that the company intends to make the same controls available “around the world.”

“We believe that everyone around the world deserves good privacy controls,” Zuckerberg said. “We’ve had a lot of these controls in place for years. The GDPR requires us to do a few more things, and we’re going to extend that to the world.”

The GDPR would impose strict rules for how personal data is collected by websites and companies, how it is used by collectors and how users are informed about its collection — including a requirement that collected data must be deleted after a user’s request. The regulations were approved by the EU Parliament in 2016 and they take effect on May 25.

Any company that collects personal information from EU residents will be required to comply with the rules across EU countries once the regulations are implemented.

When Rep. Jan Schakowsky (D-Ill.) asked if “not just the controls, but all the rights required” would also be extended to U.S. users, Zuckerberg was less decisive about Facebook’s domestic adherence to the GDPR.

He noted that the GDPR “has a bunch of different important pieces,” but said adherence to two of the key principles — limiting how data is collected by companies and affirmative consent requirements for personal data use — could “be different depending on the laws in specific countries in specific different places.”

In a brief interview after the exchange, Schakowsky said she was unimpressed with Zuckerberg’s response. “He at first said, ‘We’ll do all of this and all of this, but this part over here is a different matter,’” Schakowsky said. “So I think he was really hedging on how much of the EU regulations that Facebook would actually follow.”

“Americans deserve the same kinds of protections that Europeans do,” she added.

Zuckerberg testified before a joint Senate Commerce and Judiciary committee hearing Tuesday to discuss Facebook user privacy and Russian election meddling efforts on the platform during the 2016 presidential election.

Sen. Lindsey Graham (R-S.C.) asked Zuckerberg during that hearing if “the Europeans had it right” with the GDPR.

I think that they get things right,” Zuckerberg responded.

Graham said in a statement following Tuesday’s hearing that U.S. regulatory changes might be necessary to address Facebook’s issues with user privacy.

“It could possibly take the creation of new laws and regulations to deal with this platform,” Graham said. “But I do believe this: continued self-regulation is not the right answer when it comes to dealing with the abuses we have seen on Facebook.”