European lawmakers would have been much tougher on Zuckerberg

Mark Zuckerberg might have come away fairly unscathed in his first day of grilling on Capitol Hill yesterday, but he’s facing a much tougher battle in Europe.

European lawmakers said Wednesday they would have asked the Facebook CEO much more probing questions, the same day they moved forward with more laws that put online users’ rights first and punish companies that violate them.

Hours after Zuckerberg finished fielding senators’ questions, the EU announced yet another big advance in consumer online protections.

The European Parliament’s New Deal for Consumers is a wide-ranging piece of legislation designed to give consumers more protections from companies that break the law, including giving consumer groups the right to seek compensation on behalf of large numbers of customers and increase fines for companies breaking the law.

Among its fundamental aims is to make citizens’ online lives better by increasing transparency and ensuring Facebook and others fully respect consumer rights.

“Consumer authorities will finally get teeth to punish the cheaters,” Europe’s Justice Commissioner Vera Jourova said. “It cannot be cheap to cheat.”

The latest strand of Europe’s increasingly robust protections for consumers comes just a month before it will implement the General Data Protection Regulation, or GDPR, a powerful piece of legislation that will hand sweeping powers to citizens over how their data is collected, stored, and retained.

As the U.S. struggles to understand the data privacy problem created by companies like Facebook, Europe has been at the forefront of creating laws that protect the consumer rather than the company — and if Zuckerberg ever accepted one of the multiple invitations made to address European lawmakers, he would likely face a much tougher time.

“I think some of the questions maybe weren't as probing as maybe they could have been. I think that is why he got away with it to some degree,” Michael Veale, a technology policy researcher at University College London, told VICE News regarding the questions posed in Tuesday’s hearing.

“In the European Parliament you would find that you have the Dutch liberals and the Germans, who basically crafted and deeply understand data law across the world,” Veale added.

Many in Europe saw Tuesday’s questioning as barely scratching the surface, and criticized senators for failing to pursue Zuckerberg when he dodged a tough question.

"More than the questions themselves, the dynamic of answering the questions in an obfuscating way, the lack of precise follow-ups, was very problematic,” Paul-Olivier Dehaye, whose data startup PersonalData.IO produced a dossier on Cambridge Analytica last year, told VICE News.

One question Zuckerberg did dodge was related to whether Facebook tracked users when they were not logged in. Zuckerberg’s deferred to his “team”, but as CEO, it is almost unthinkable that he would not know the answer.

“If he does not understand whether his company tracks people who are not logged in to Facebook, that is shocking, that is an incredibly basic detail to understand,” Veale said. “Given that this is your market, your business is this online pervasive tracking.”

During a break in the questioning Tuesday, Zuckerberg suffered a privacy failure when he left a copy of his notes open. It showed that while he did have some notes on GDPR on hand, they didn’t go much further than saying, “Don't say we already do what GDPR requires.”

In Europe, it is unlikely this level of preparation would suffice. “Those are not going into the level of granularity you would need to be able to answer questions [in the European Parliament],” Veale said.

But at the moment it looks like Zuckerberg won’t have to face European lawmakers.

Last month British MPs requested Zuckerberg come before the Digital, Culture, Media and Sport (DCMS) select committee to answer questions relating to the Cambridge Analytica controversy, but the CEO declined, sending two executives in his place.

Members of the European Parliament have also requested his presence in Brussels.

Veale was attending a conference on data protection in Scotland on Wednesday, and said all anyone was talking about was about Zuckerberg and his less-than-intense grilling in the Senate Tuesday.

“We do feel that if he had come to the DCMS committee he would have had a lot more probing questions, and I think in the European Parliament you would have really very, very probing questions.”

While the GDPR legislation impacts all companies that collect any data, it is the likes of Facebook, Google, and other tech companies who collect vast troves of user information who’ll have to make the most changes.

On Tuesday, Zuckerberg mentioned Europe a few times during his Senate testimony, admitting at one point: “I think that they get things right.”

Facebook has constantly fought European lawmakers and regulators over what it’s seen as overzealous restrictions being put in place to protect people’s privacy and data. Now opinion in Silicon Valley appears to be changing.

“I think it's certainly worth discussing whether we should have something similar in the U.S.,” Zuckerberg said in response to a question from Sen. Maria Cantwell about whether or not the U.S. should be implementing its own version of GDPR.

At the moment, the U.S. has a mishmash of privacy laws — more than 2,000 at the state level — but no omnibus federal law protecting all citizens — and this is increasingly making the U.S. look isolated.

Because Facebook’s international data processing is done in Ireland, the GDPR protections cover European citizens as well as users from every countries from Australia to Zimbabwe — except Canada and the U.S.

“The U.S. is increasingly looking not like it is just different from Europe, but is looking like an island in the world, which is regulated in a way that is incredibly costly for companies to do business there,” Veale said.

Jourová told a press conference in Brussels Wednesday that when she heard Zuckerberg’s testimony Tuesday, she “had in mind many other questions,” adding, “I think there should be a chance given to the European legislators [to question Zuckerberg].”

The commissioner has been among the most vocal critics of Facebook over the past decade and made headlines recently when she deleted her Facebook page, describing it as a “highway of hatred” due to the abusive comments posted there before she shut it down.

Jourova even joked that she had been worried about how the European Parliament was going to sell GDPR to citizens, but the recent Cambridge Analytica scandal had done the job for her. “So, thank you, Mr. Zuckerberg, I can explain now why we want to have these stricter rules in the EU.”

Cover image: Sen. Cory Gardner, R-Colo., listens to Facebook CEO Mark Zuckerberg testify before a joint hearing of the Senate Judiciary and Commerce Committees on the protection of user data in Hart Building on April 10, 2018.(Photo By Tom Williams/CQ Roll Call) (CQ Roll Call via AP Images)