Oakland, Calif. – This week, technologist Ashkan Soltani testified before the United Kingdom House of Commons Digital, Culture, Media and Sport International Grand Committee following separate testimony by Richard Allan, Facebook’s vice president for policy solutions. Soltani helped write the California Consumer Privacy Act with Californians for Consumer Privacy Chair Alastair Mactaggart, and is an expert on consumer privacy and technology policy.
Soltani’s testimony highlighted Facebook’s relationship with users’ data privacy, including lobbying efforts currently underway to federally preempt newly-passed consumer privacy rights in California with the California Consumer Privacy Act (AB 375). This year, Facebook contributed $200,000 to the corporate campaign opposing consumer privacy rights in California.
Below are excerpts from his testimony:
“In short, I found that time and time again Facebook allows developers to access personal information of users and their friends, in contrast to their privacy settings and their policy statements. This architecture means that if a bad actor gets a hold of these tokens, such as in the case of Pinterest, there is very little the user can do to prevent their information from being accessed. Facebook prioritizes these developers over their users.
“I think it was best laid out in Mr. Allan’s ‘win-win-win’ comments, that ‘the platform enables things we are not going to do and they are going to do.’ Right? Facebook gets more engagement from the platform; Facebook users do things that Facebook does not normally provide; and developers get access to a large consumer base.”
“Additionally, from my experience I do not think Facebook is able to govern itself in this area. From my observations of public data as well as my conversations with multiple stakeholders inside the company, my understanding is that senior leadership simply does not prioritize these issues seriously and they will continue to do the bare minimum necessary to pass through the compliance regimes, but will absolutely continue to make these mistakes as their priority is monetization of user data.”
“In the lead up to the passing of the California Consumer Privacy Act, Facebook came out publicly in support it but was in fact still lobbying behind the scenes against it. We have seen that time and again.
“This is currently the first time I have seen in the US when the Administration, Congress and the companies are all aligned to pass federal privacy legislation, primarily to pre-empt the California law and to potentially give them carve-outs from GDPR, because the conservative Administration feels like it might be oppressive to business. My understanding is that Facebook is very involved in that process.”
The United Kingdom Information Commissioner Elizabeth Denham also echoed the call for the platform to be regulated, and the belief that the company misrepresented their practices:
“Elizabeth Denham: After a nine-month investigation, we issued a fine in October of this year. It was the maximum fine that was available to us under the previous regime and I stand by the findings and the enforcement action by my office. That said, any organisation—any company—has the right of appeal. But I was really disappointed by Facebook’s statement in the context of the appeal, because I do think that they misrepresented the fact of our finding and the rationale for issuing that fine.”
“Facebook broke data protection law, and it is disingenuous for Facebook to compare that to email forwarding, because that is not what it is about; it is about the release of users’ profile information without their knowledge and consent. That is messages and likes; that is their profile.
I guess that, at the end of the day, I am really disappointed that one of the most innovative companies in the world—because great things happen on Facebook—have not replicated their innovation in ways that protect people’s privacy online. That is how I would summarise it, Mr Angus.”
“Elizabeth Denham: I believe that the time for self-regulation in this context is over. My recommendation to the Committee for consideration is that, because of the public concern about these internet harms around content and conduct online, Parliament needs to define the outcomes. There needs to be a set of standards that are agreed and a regulator has to be equipped with the right powers to be able to review the activities of the companies.”
To read Commissioner Denham’s full testimony, click here.
About the California Consumer Privacy Act:
The California Consumer Privacy Act started as a ballot referendum signed by 629,000 Californians to place it on the November ballot. After the initiative qualified, the California State Legislature passed groundbreaking consumer privacy legislation AB 375 in June 2018, which was signed into law by California Governor Jerry Brown.