April 9, 2018
In the coming week, Congress will turn its attention to someone who has until now managed to fly under its radar—Mark Zuckerberg, founder and chief executive officer of Facebook. On April 10, Zuckerberg will appear as the sole witness before a joint hearing of two Senate committees—the Judiciary Committee and the Commerce, Science, and Transportation Committee. On April 11, he will then go on to testify (again as sole witness) before the House Energy and Commerce Committee.

Both hearings will focus on transparency, privacy, and Facebook’s use and protection of consumer data. In his statement, Sen. Charles E. Grassley (R-IA), chairman of the Senate Judiciary Committee, underscored that “users deserve to know how their information is shared and secured.” Sen. John Thune (R-SD), chairman of the Senate Commerce Committee, highlighted the existence of “significant concern about Facebook’s role in our democracy, bad actors using the platform, and user privacy.”

Zuckerberg’s trip to Washington comes in the aftermath of Facebook’s disclosure that the political consultancy Cambridge Analytica may have obtained the data of up to 87 million Facebook users without their authorization. It supposedly did so by leveraging a 2014 Facebook app, which collected not just information about its 270,000 app users but also that about their friends—data gathering that was in line with Facebook’s terms of service, even if its sharing with Cambridge Analytica was not.

Since then, Facebook has come under increasingly close scrutiny by bodies ranging from the Federal Trade Commission to the European Union to the British Parliament. Despite Facebook’s attempts to mollify users, stakeholders, and politicians by implementing a series of reforms, pressure remains heavy on the social media giant to show that it is committed to its users’ privacy.

The congressional hearings are a chance for Facebook to recapture the narrative in the wake of mounting concerns over how it safeguards user data—and an opportunity for lawmakers to navigate toward long-term solutions for safeguarding consumer privacy. Here are five questions that lawmakers should be asking this week:

  • With the introduction of virtual technology and platforms Facebook will glean additional information and personal data of users. Information such as how we physically move around or on the brain waves we emit has huge potential for misuse and threatens to erode our privacy in an unprecedented way. What is Facebook doing to protect this information?
  • A lot of the misuse of personal information arguably happened because of the unintended consequences of the way technology interacts—how third-party apps or account recovery and search tools enable personal information to be scrapped, for example. What is Facebook’s strategy to pre-empt/anticipate unintended consequences of interactions on your platforms?
  • Facebook has become one of the world's largest repositories of personal data, with an ever-growing range of potential uses. The monetization of personal data in the social network has become one of the pillars of your business model. Is Facebook rethinking this business model in light of recent revelations of loss of control over data? 
  • Under a 2011 consent decree with the Federal Trade Commission, Facebook agreed to get express permission and notify users before sharing their data with third parties. Has Facebook breached a 2011 consent agreement to safeguard users’ personal information? 
  • What does the responsibility to have control over users’ personal information mean to you?
Klara Jordan is director of the Cyber Statecraft Initiative at the Atlantic Council’s Scowcroft Center for Strategy and Security. Follow her on Twitter @JordanKlara.

Shaun Ee is a project assistant in the Asia Security Initiative and Cyber Statecraft Initiative of the Atlantic Council’s Scowcroft Center for Strategy and Security.

RELATED CONTENT