Facebook should adopt stringent EU data protection rules as a global "baseline" for all of the social network's services, consumer activists say in an open letter that contends the rules will help ensure the company is accountable and transparent.
The Transatlantic Consumer Dialogue, a coalition of US and European consumer groups, called on Facebook CEO Mark Zuckerberg to adopt the EU's General Data Protection Regulation to govern his company's platform. The sweeping regulation, known as GDPR, gives Europeans more control over their personal data and compels companies to notify consumers of data breaches within 72 hours. It also expands the types of information considered personal data.
(For an overview of the GDPR, which comes into force on May 25, click here.)
"The GDPR provides a solid foundation for data protection, establishing clear responsibilities for companies that collect personal data and clear rights for users whose data is gathered," TCD said in its letter, dated Monday. "These are protections that all users should be entitled to no matter where they are located."
The appeal to Zuckerberg comes a day before the Facebook chief is scheduled to testify before Congress in the wake of a widening data scandal that involves the possible misuse of 87 million profiles by UK consultancy Cambridge Analytica to sway the Brexit vote and the 2016 US presidential campaign. Earlier, Facebook came under fire after a Russian troll farm used the platform to sow discord by posting inflammatory material on hot-button issues like guns, LGBT rights and immigration.
Facebook declined to comment for this story, but executives have previously commented on GDPR and similar subjects.
In a conference call last week, Zuckerberg said Facebook would roll out the same controls and settings it is making available in Europe to comply with GDPR throughout the world. But he suggested the format might not be uniform because of differences in law across markets.
The EU says the GDPR is "the most important change in data privacy regulation in 20 years." It applies to all organization that collect or have data on EU citizens, which expands its reach beyond the continent. Importantly, the GDPR expands the definition of personal data to digital fingerprints such as IP addresses and cookies.
In its letter, the Transatlantic Consumer Dialogue suggested the GDPR represents the gold standard in data protection, telling Zuckerberg that "there is simply no reason for your company to provide less than the best legal standards currently available to protect the privacy of Facebook users."
It urged Zuckerberg to express his commitment "to global compliance with GDPR and provide specific details on how the company plans to implement these changes" in his Congressional testimony.
Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.