Getty Images/iStockphoto

Big tech chiefs boycott parliamentarians investigating citizens’ privacy

An International Grand Committee on Big Data, Privacy and Democracy considers whether failure to protect citizens’ privacy constitutes grounds for anti-trust regulation against Facebook and other big tech companies

Parliamentarians from around the world gathered in Canada last week to debate the future of regulation of “big tech”, but were frustrated when chief executives from some of the largest technology companies decided not to show up.

The hearings, by the International Grand Committee on Big Data, Privacy and Democracy, were attended by politicians from a dozen countries. Collectively representing more than 400 million citizens, they heard testimony from expert witnesses, government officials and representatives of technology companies.

The grand committee’s aim is to help lawmakers gain a better understanding of the issues facing citizens amid the growing influence of big tech, particularly around privacy.

On 28 May, members of the committee signed a joint declaration reaffirming their commitment to protecting fair competition, increasing the accountability of social media platforms, protecting privacy rights and personal data, and maintaining and strengthening democracy.

Companies that attended included social media platforms such as Facebook and Twitter, as well other data companies including Google, Amazon Web Services (AWS), Microsoft Canada, Apple and the Mozilla Foundation.

“What we’re interested in is how they cover that data, what consent they have for doing so and how they use it,” said Damian Collins, chairman of the UK’s Digital, Culture, Media and Sport (DCMS) Committee, which published a hard-hitting report in February accusing Facebook of being “digital gangsters”.

Despite receiving a subpoena in early May to appear before the committee, neither Facebook CEO Mark Zuckerberg nor chief operating officer Sheryl Sandberg showed up.

Canadian MP Charlie Angus said: “We are very surprised that Mr Zuckerberg and Ms Sandberg decided to ignore the summons of a parliamentary committee, particularly as we have international representatives here. As far as I know, we were not even informed that they weren’t showing up. I have never seen a situation where a corporate head ignores a legal summons.”

The committee took matters a step further by issuing an open summons that requires both Zuckerberg and Sandberg to appear before Parliament should they enter Canada for any reason.

“As soon as either Mr Zuckerberg or Ms Sandberg sets foot in our country, they will be served and expected to appear before our committee,” said grand committee chairman Robert Zimmer. “If they choose not to, then the next step will be to hold them in contempt.”

The committee sent formal invitations to the chief executive officers of other technology companies to attend the committee’s hearings, but none showed, sending more junior company representatives in their place.

Privacy and competition

A Facebook lawyer argued last week that its users had no expectation of privacy when using the social network, in an attempt to have a lawsuit over the Cambridge Analytica scandal thrown out.

Facebook attorney Orin Snyder told US District Court judge Vince Chhabria at a hearing on 29 May: “There is no invasion of privacy at all, because there is no privacy.”

Facebook bore the brunt of the questioning by the grand committee, with Angus telling an Amazon representative at one point that the hearings were taking place largely because of Facebook’s actions.

“Facebook has put us in this situation,” he said. “If Facebook had better corporate practices, we might not even be paying attention.”

The committee questioned Facebook’s representatives about the contrast between the company’s pro-privacy public and a global lobbying campaign against privacy regulations, first revealed by Computer Weekly and The Observer.

When asked why Facebook (and Google) “used millions of those [revenue] dollars to lobby against the General Data Protection Regulation (GDPR)”, Kevin Chan, Facebook’s global policy director, responded: “We fully support GDPR.”

The committee also heard that Facebook is appealing against a number of regulatory decisions and findings against it in various jurisdictions, leading Irish Teachta Dála James Lawless to ask: “If you are putting your hands up and saying ‘We got some things wrong’ and demonstrating good faith, which I would welcome if that were the case, why are you continuing to appeal many of these decisions?”

German MP Jens Zimmerman later asked Chan why Facebook is appealing the German antitrust regulator’s decision to prohibit the company’s “practically unrestricted” collection and combination of data (see box below).

He responded by stating that Facebook needs “to have some ability to understand the provenance of certain content and certain accounts”, and that it was a question of “where do the limits of competition start and end versus where the limits of privacy start and end”.

German antitrust regular finds against Facebook

Germany’s antitrust regulator, the Federal Cartel Office (FCO or Bundeskartellamt), ruled on 7 February 2019 that Facebook had been exploiting consumers through its data collection and combination practices.

The regulator found against Facebook not because consumers suffered financial loss, but because they had lost control of their data.

“The damage for users lies in a loss of control,” it said. “They are no longer able to control how their personal data is used. They cannot perceive which data from which sources are combined for which purposes with data from Facebook accounts.”

The ruling went on to say that combining data in this way gives it a “significance that the user cannot foresee”.

In a statement announcing the decision, FCO president Andreas Mundt said: “Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts.

“As a dominant company, Facebook is subject to special obligations under competition law. In the operation of its business model, the company must take into account that Facebook users practically cannot switch to other social networks – the only choice the user has is either to accept the comprehensive combination of data or to refrain from using the social network.”

Responding to the ruling in a blogpost, Facebook asserted that “popularity is not dominance”, and that the company faces “fierce competition in Germany”.

Facebook said it had done a lot [to give users more control of their data] since the implementation of the GDPR last year, “including asking everyone around the world to make choices about the ads they see and more”.

It said the FCO was undermining the GDPR with its ruling, because it “specifically empowers data protection regulators – not competition authorities”.

The FCO said in its ruling that the GDPR does not provide Facebook with a justification for the kind of data collection and assignment it is currently engaged in.

Maurice Stucke, antitrust expert and law professor at the University of Tennessee, told Wired: “This ruling is really an icebreaker. Icebreakers break through the ice in order to lead the path for other vessels to follow.”

Later, Canadian MP Nathaniel Erskine-Smith asked representatives of Facebook, Google and Twitter whether privacy should play a central role in competition law. All three gave very guarded answers.

“So none of you have a view on a really important issue of our day?” said Erskine-Smith.

Lawmakers also accused Amazon of “predatory pricing practices”, saying it had paid “a negative 1% tax rate” in the US, and just £1.8m in tax on £3.35bn profit in the UK. “You’re like the biggest welfare case on the planet,” said Angus.

Mark Ryland, director of security engineering at AWS, replied that he was no expert on competition law.

Zimmer retorted: “This is the reason we asked Mr Bezos [Amazon CEO] to come. He can answer those kinds of questions before this grand committee. We wanted people that could give us fulsome answers.”

Collins also asked Amazon and Microsoft’s representatives about the “data reciprocity agreements” they had with Facebook.

The existence of these data-sharing agreements, whereby Facebook would provide access to otherwise restricted data in return for something of “value” to the company, was revealed in court documents from a case brought by Facebook app developer Six4Three, which Computer Weekly has reported on in depth.

Specifically, Collins questioned the representatives on whether they knew how these agreements worked and what kind of information was shared.

Neither could answer, and said they would follow up with written responses.

‘Data is the source of their power’

At the start of the grand committee hearings, Jason Kint, CEO of Digital Content Next, told the parliamentarians that Facebook and Google were benefiting from most of the growth in advertising spending.

“In a $150bn-plus digital ad market across North America and the EU, 85-95% of the incremental growth is going to just these two companies,” said Kint in reference to Google and Facebook, and there was a direct correlation between their revenues and data collection practices, he said.

Author Shoshana Zuboff refers to the practice of turning customer data into revenue as “surveillance capitalism” (the name of her recent book on the subject). She told the committee that surveillance capitalism was not an automatic or inevitable consequence of digital technology.

“It is easy to imagine the digital without surveillance capitalism,” she said. “But it is impossible to imagine surveillance capitalism without the digital.”

The same sentiment was expressed by Roger McNamee, author of Zucked, an insider’s account of Facebook, who said corporate surveillance was not a prerequisite of providing consumers with services that they like.

“Do not, in your mind, allow any kind of connection between the services you like and the business model of surveillance capitalism,” he said. “There is no inherent link there, none at all. This is something that has been created by these people because it is wildly more profitable.”

McNamee said that if big tech companies disappeared tomorrow, it would take “literally moments” for them to be replaced by competitors that do respect users and their privacy.

Zuboff told the committee that over the past century of anti-trust regulation, “the emphasis has come down on fairness and justice over narrow considerations of economic growth”.

She said lawmakers need to disrupt “and in many cases outlaw surveillance capitalism’s foundational mechanisms,” including the “unilateral taking of private human experience as a free source of raw material and its translation into data”.

The committee also discussed subjects ranging from election interference and transparent funding for political advertisements online, to digital disinformation and algorithmic discrimination.

The International Grand Committee on Big Data, Privacy and Democracy is due to meet again in Ireland in November 2019.

Read more on Privacy and data protection