Mark Zuckerberg Facebook

UK Parliamentary Committee Presses Zuckerberg to Address Privacy, User Data Questions

Damian Collins, Member of Parliament (MP) and chair of the UK’s Parliamentary Digital, Culture, Media and Sport (DCMS) Committee, recently issued a letter to Rebecca Stimson, the head of public policy at Facebook UK, renewing the committee’s request for Facebook CEO Mark Zuckerberg’s physical presence before Parliament as well as additional information detailing the company’s protocols.

Zuckerberg has repeatedly refused the committee’s multiple requests to appear for questioning. Most notably, following the Cambridge Analytica revelations earlier this year, the DCMS committee requested that “a senior Facebook executive” provide testimony about “how Facebook acquires, stores, and protects users’ data,” according to a report from The Verge. While Zuckerberg himself appeared before US Congress earlier this month and spoke with legislators for several hours, Facebook’s chief technical officer Mike Schroepfer met with the DCMS committee later in the month, during which he faced a reportedly tougher series of questioning regarding “the company’s data-collection techniques, oversight of app developers, fake accounts, political advertising and links to the voter-targeting firm Cambridge Analytica,” as noted by The New York Times.

In the request for Zuckerberg to appear before the DCMS committee, Collins expressed dissatisfaction with the information and responses provided by Schroepfer at the previous hearing and further claimed that Schroepfer “failed to answer fully” dozens of inquiries.

“This is especially disappointing to the committee considering that in his testimony to Congress Mark Zuckerberg also failed to give convincing answers to some questions,” Collins wrote.

“It is worth noting that, while Mr Zuckerberg does not normally come under the jurisdiction of the UK parliament, he will do so the next time he enters the country. We hope that he will respond positively to our request, but, if not, the committee will resolve to issue a formal summons for him to appear when he is next in the UK,” Collins noted.

[Related: Facebook Dodges New EU Privacy Regulations]

As Zuckerberg is reportedly set to visit with Parliamentary members later this month, he has been requested to appear before the committee on May 24. Collins listed the following questions to be answered by May 11, noting that “Mr. Schroepfer agreed that his team would follow up on the questions included below”:

1. What is the percentage of sites on the internet on which Facebook tracks users?

2. Did the Internet Research Agency use custom audiences? What targeting tools did the IRA use for their advertising? Did they have a custom audience for state-by-state campaigns/races in the USA? Did they use look-alike audiences from Facebook as part of their advertising spend?

3. What is Facebook’s definition of a political advertisement? What budget does Facebook put behind examining the parameters and use of political adverts?

4. How many developers did your enforcement team at Facebook take action against between 2011-2014?

5. Does the NDA signed with Dr Kogan prevent legal action being taken? What was the date of the agreement? Was there a payment made to Dr Kogan? [NB later in the session Mr. Schroepfer said that a) the date was June 2016 and that b) no payment was made, but it would be useful to have these points confirmed in writing. Confirmation was given in the session that the full NDA document would be provided to the Committee.]

6. Who was the person at Facebook responsible for the decision not to tell users affected in

7. Who at Facebook heads up the investigation into Cambridge Analytica, including all the
strands of the investigation?

8. Has Joseph Chancellor signed an NDA?

9. Agreement to provide documentation that Cambridge Analytica had certified the deletion of the data.

10. What was the number of paid adverts from the IRA during the US election?

11. From which country did the $2million that AIQ spent on ads come?
12. How many UK Facebook users and Instagram users were contacted by non-UK entities during the EU referendum?

13. How many clicks or swipes does it take to alter your Facebook privacy settings on a
smartphone? What steps are you taking to reduce the lengthy process of changing one’s
privacy settings?

14. What proportion of political campaigning ads globally are run on your platform? Do you have a rough estimate, based on average political campaign spend data?

15. What data on dark ads do you have?

16. Is it possible for Facebook to view pages set up during elections (e.g. the EU Referendum campaign) that host dark ads, and then are taken down a day later? Is it possible that no-one would ever be able to audit these dark ads, as no one (not even Facebook) would see them during the time they are online?

17. Was there any link between the US elections and the 2017 purge of fake accounts?

18. What proportion of the fake accounts you purged had any involvement from Russia?

19. Do you know how many developers were using and selling data on to third parties such as GSR? Is GSR the only company that has received letters from Facebook, demanding that they delete their Facebook data?

20. What kind of developer activity leading up to 2014 led to Facebook’s major policy changes related to sharing friends’ data? (Please give specific examples.) Were these changes responding to genuine concerns among Facebook users?

21. How many Facebook staff have been added to the app review team since 2014?

22. What is the legal situation regarding Facebook storing non-Facebook users’ data?

23. Did Facebook pass user information to Cambridge Analytica or to Aleksandr Kogan?

24. At the 8 February evidence session, Chris Matheson asked Simon Milner, “Have you
ever passed any user information over to Cambridge Analytica or any of its associated
companies?” Simon Milner replied “No”. Chris Matheson asked, “But they do hold a large
chunk of Facebook’s user data, don’t they?” Simon Milner said, “No. They may have lots of
data, but it will not be Facebook user data. It may be data about people who are on Facebook that they have gathered themselves, but it is not data that we have provided.” [Qq 447-448] Do you agree with this answer?

25. At the time of Simon Milner’s testimony in February 2018, who at Facebook knew about
Cambridge Analytica? Who was in charge?

26. When did Mark Zuckerberg know about Cambridge Analytica?

27. Can you tell us about the financial links between SCL and Cambridge Analytica? (In evidence Mr Schroepfer said he had knowledge to share about this.)

28. How much money has been made from fraudulent ads (for example – but not limited to- the recent case of financial expert Martin Lewis?) When you find out they have been fraudulent, do you return the money to the purchaser of the ads?

29. Can we see copies of adverts from AIQ? Who saw these adverts shown to? Who paid for them?

30. Why wasn’t GSR identified during audits of third party developers?

31. How can the feature allowing users to edit previews of article (in response to concerns over Fake News) be removed?

32. What work is Joseph Chancellor doing right now for Facebook? What is his job title? Was Facebook aware of Joseph Chancellor’s involvement in GSR at the time of his application to the company, or during his employment?

33. Mr Schroepfer said that recruitment is taking place to boost work being done in Myanmar. When is this happening and can you provide more details?

34. What is the average time taken to respond to content that has been reported to Facebook in the region?

35. How many fake accounts have been identified and removed in Myanmar?

36. How much of your revenue is derived from Myanmar?

37. Are custom audiences used as a tool by AIQ using the GSR data from the US? What was the total value of AIQ/Vote Leave spend on Facebook? Can we see examples and copies of adverts that they used? To whom were they sent, and who decided what kind of targeting to use?

38. Is there evidence that CA/SCL shared data with AIQ?

39. Why was data responsibility moved from Facebook Irl to Facebook Inc in California just one month before GDPR kicks in?