Facebook's Mark Zuckerberg has a tough road ahead in Europe on data privacy

Turns out "sorry" doesn’t seem to work as much for the social network’s chief anymore.

Ian Sherr Contributor and Former Editor at Large / News
Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. As an editor at large at CNET, he wrote about Apple, Microsoft, VR, video games and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.
Erin Carson Former Senior Writer
Erin Carson covered internet culture, online dating and the weird ways tech and science are changing your life.
Expertise Erin has been a tech reporter for almost 10 years. Her reporting has taken her from the Johnson Space Center to San Diego Comic-Con's famous Hall H. Credentials
  • She has a master's degree in journalism from Syracuse University.
Ian Sherr
Erin Carson
5 min read
Getty Images

How many times can you say you're sorry before we stop caring?

If Facebook CEO Mark Zuckerberg's globe-trotting apology tour over privacy violations, election meddling and allowing hate speech to flourish on Facebook is any sign, the answer is not that many.

After telling the US Senate, the US House of Representatives, Facebook's 2.2 billion users, the company's investors, 5,000 developers and loads of advertisers that he screwed up, Zuckerberg said he was sorry yet again on Tuesday when he admitted to the European Parliament that fake news and misuse of Facebook users' private information has become a serious problem for the world's largest social network.

But when it came to anything substantive about European privacy laws, concerns Facebook may be turning into a monopoly and how people can avoid their data being tracked by Facebook even if they're not a user, Zuck didn't have a lot to say.

European regulators ran out of patience.

Watch this: Mark Zuckerberg sure is saying he's sorry a lot

"I asked you six 'yes' and 'no' questions, and I got not a single answer," said Guy Verhofstadt, a Parliament member representing Belgium. "Yes," someone in the room echoed in support. Others chimed in. One lawmaker interrupted Zuckerberg's closing statements to ask if Facebook is a monopoly. Another complained about the Facebook CEO's lackluster responses.  

"I'll make sure we follow up and get you answers to those," Zuckerberg said, deferring to his team to provide more complete responses, just as he did with Congress in April.

That's what we heard, but what we're seeing with EU regulators' reaction is an uncomfortable reality for Zuck and Co.

Over the past two months, Facebook has scrambled to contain the fallout from the spiraling scandal that began with Russian meddling in the US election and then hit a fever pitch when the company admitted in March that as many as 87 million user profiles may have been sold to a UK-based political consultancy called Cambridge Analytica.

Since then, Facebook's released new features designed to better protect privacy and enacted new policies to ensure app developers can't improperly collect and sell users' information. And it's put out a series of ads and public apologies in addition to all those statements and posts from Zuckerberg.

Investors remain confident in Facebook's chief and his plan -- the company's shares were little changed after his testimony in Brussels -- and even with #DeleteFacebook campaigns, hordes of users aren't abandoning the service. At least for now.

Zuckerberg needs to keep saying and doing the right thing to convince you, me and everyone else who uses its services -- WhatsApp , Instagram and Facebook itself --  that he can be trusted to be the guardian of our photos, contacts, political views, religious beliefs and anything else we post. Facebook needs us to share, like and log in to the social network a lot from our mobile devices so it can serve up all the targeted and lucrative ads that are the source of its $41 billion in annual sales.

"I think people always need to hear that there were mistakes made and they're going to work to fix this," said James Norton, a former deputy assistant for the Department of Homeland Security in the George W. Bush administration. "However I'm not sure it's fixable unless the business model changes."

Facebook declined to make Zuckerberg available for an interview.

Stinging questions

In many ways, Facebook's ad business model was as much under scrutiny during the hearing as the company's self-inflicted privacy problems. Members of the European Parliament repeatedly asked about how their constituents can opt out of Facebook's data collection -- even when they don't have a Facebook account but visit sites and use services that embed Facebook's advertising and analytics tools. This is a problem called shadow profiles, and Zuckerberg essentially said people can't avoid being tracked.

The politicians also worried about data that's shared between Facebook and its WhatsApp messenger app, whose early popularity in Europe came because it gave people a way to avoid country-to-country text messaging charges. The UK's Information Commissioner's Office (ICO) found in March that some information may be shared between the two apps for ad-serving purposes, running afoul of privacy rules.

Zuckerberg's unwillingness to address those concerns in detail didn't win him any fans and it certainly didn't help telegraph Facebook's sincerity, Norton added.

Instead, Zuckerberg's testimony came off as damage control, said Rahul Telang, professor of information systems at the Tepper School of Business and Heinz College at Carnegie Mellon University. He said Zuckerberg "wants to repair" the company's image, but it seemed more like Facebook's chief spoke in Brussels "grudgingly."

The format of the meeting didn't help. The regulators asked their questions one after another, rather than in a question-and-answer format like what Zuckerberg faced with the US Congress. When time came for Zuckerberg to speak, he spent about 15 minutes responding to the questions as a group, instead of individually. That's when regulators began complaining he hadn't given sufficient answers.

European lawmakers already look at Facebook with skepticism, Telang said. That old can-do American entrepreneurial spirit embodied by Zuckerberg, who founded the social network 14 years ago in his college dorm room, doesn't have the have the same effect in Europe, which has taken tougher stances on user privacy than the US.

"It's not enough for Europe's leaders," said Betsy Page Sigman, a professor at Georgetown's McDonough School of Business.

The ultimate test of just how effective Zuckerberg's apology tour in Europe is might depend on how the General Data Protection Regulation, or GDPR, is enforced. The strict new European privacy regulation, which goes into effect Friday, requires that companies state plainly how they treat users' privacy and ask for permission whenever they want to share users' data. But it's so wide in scope, companies may not be able to meet its provisions at first -- and it may take a while before violators of the rules are called out.

Facebook has said it plans to both follow the rules and extend additional privacy protections to all its users, even outside the EU.

For now, Facebook seems caught up in a vicious cycle in which mistakes get made, users are affected, Zuckerberg apologizes and everyone tends to move on. That creates something of a norm that Brian Solis, a principal analyst at Altimeter Group, finds troubling.

Unless we hold Facebook more accountable, he said, the cycle will just continue. "There's always going to be another thing for Mark to apologize for."

First published May 23 at 5:00 a.m. PT.
Updated May 24 at 4:00 a.m. PT: Adds more details about the meeting and fallout.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.