While the details of this week’s Facebook scandal — that the company had allowed partners to view supposedly private user data — were new, the arc of this story already follows a predictable script that, unfortunately, Americans are seeing over and over and over again.
Every few weeks, a new story breaks about some new corporate innovation in unauthorized sharing, selling or losing control of Americans’ data; the company will apologize and promise to always put customers first; it will make a cosmetic, largely meaningless change to its policies; and then it all happens again a few months later. Wash, rinse, repeat.
After years of this, Americans are understandably fed up with empty corporate promises. Some of the biggest tech companies have repeatedly shown that profits come first… and then we’ll see about best interests of users.
Sheryl Sandberg personally told me that personal privacy is a matter of national security, and yet we now know that Facebook shared users’ personal information with Russian and Chinese telecom companies with strong links to their governments. (Yandex has been credibly accused of funneling user data to the Russian government, while U.S intelligence officials have been sounding the alarm about Huawei’s government links for years now.)
I personally asked Facebook about its data-sharing partnerships with other companies earlier this year, and my staff reviewed the privacy audits it filed with the Federal Trade Commission. Those audits revealed, much like the New York Times’ reporting, that, once Facebook had handed users’ personal information to other companies, it did nearly nothing to make sure that outside companies protected that information.
So why does this latest confirmation that users’ data may well be shared or traded away without their permission matter, beyond proving once again that too often corporations will say nearly anything to further their march to higher profits and stock prices?
For one, it makes America less secure, by making it much easier for foreign adversaries to scoop up Americans’ deeply personal information to then use as ammunition against the United States.
Two recent reports written for the Senate Intelligence Committee are a stark illustration of how these campaigns work. Russia tried hard to keep African-Americans away from the polls by targeting them on social media in 2016. These kinds of foreign influence operations will only get more sophisticated in the future.
When hostile regimes have ready access to Americans’ data — by obtaining it from friendly companies or stealing it — it makes it even easier for these governments to micro-target us with divisive messages and false content designed to undermine American democracy.
Companies repeatedly lie to Congress and the American people about what they do with our information. It’s my view that CEOs who lie to the government about protecting your privacy shouldn’t get off with a slap-on-the-wrist fine: They should face serious financial penalties and even the possibility of prison time for lying to the government about protecting your data and, under my bill, they will.
After watching the privacy spin cycle far too many times, it’s clear to me that corporate CEOs need some skin in the game to actually take Americans’ privacy seriously.