Facebook responds in writing to Congress' questions from Zuckerberg's testimony

The social network received more than 2,000 questions.

Richard Nieva Former senior reporter
Richard Nieva was a senior reporter for CNET News, focusing on Google and Yahoo. He previously worked for PandoDaily and Fortune Magazine, and his writing has appeared in The New York Times, on CNNMoney.com and on CJR.org.
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Richard Nieva
Laura Hautala
4 min read

Facebook CEO Mark Zuckerberg

James Martin/CNET

Facebook CEO Mark Zuckerberg answered a lot of questions when he testified before Congress in April. A common answer over the course of the 10-hour grilling: He'd have his team "get back to" lawmakers with answers.

On Monday, Congress released the social network's written responses to those questions and more. Facebook said it received more than 2,000 questions, a total that included queries from before the hearing. 

The questions spanned the range of Facebook's activities. Congress inquired about the social network's  so-called "shadow profiles" -- information Facebook collects about people from places other than Facebook -- as well as the company's responsibilities for notifying users of data breaches. 

The question about disclosures on data breaches came from Sen. Amy Klobuchar, a Minnesota Democrat, who asked if the company would support legislation that requires the company to notify users within 72 hours of a breach. Facebook responded by saying it is "generally open" to such requirements. But the company also said the situation is complicated in the US because there isn't a central authority to report the breaches to, unlike in the European Union. 

"This complexity makes it harder to respond appropriately and swiftly to protect people in the event of a data breach," Facebook wrote. "We believe this is an important issue and an area that is ripe for thoughtful regulation." 

Zuckerberg's testimony before both the Senate and House last month came as the social network deal with a scandal involving Cambridge Analytica, a digital consultancy that had ties to the Trump presidential campaign. Cambridge Analytica improperly accessed personal information on up to 87 million Facebook users, prompting a backlash that raised questions about whether Facebook can be trusted to protect the personal information of its 2 billion users.

The company has also been in the hot seat for not doing enough to prevent abuse from Russian trolls that posted misinformation and divisive content on the platform. The Russian activity was part of a program to meddle in the US presidential election and sow discord among voters.

Data collection outside of Facebook websites

Facebook also addressed questions on the intricacies of how it collects user data, as well as the data of non-users. The information came in response to a question about "shadow profiles" from Sen. Mark Udall, a Democrat from Arizona. In April, Facebook published a blog post on how it collects data on users on websites it doesn't own.

The company said it receives information about non-users from websites that have Facebook's like or comment button embedded in them. But Facebook doesn't have a way to identify web users who don't have a Facebook account, and doesn't create a profile of them, the company said.

"We do not create profiles for non-Facebook users, nor do we use browser and app logs for non-Facebook users to show targeted ads from our advertisers to them or otherwise seek to personalize the content they see," the company said in its response to Udall. "However, we may take the opportunity to show a general ad that is unrelated to the attributes of the person or an ad encouraging the non-user to sign up for Facebook."

For people who do have Facebook accounts, the collection of information from its Like, Share and comment fields in third party websites allow the company to compile a large amount of information about its users' web browsing habits. First, it learns about third-party websites a user has visited. Then, as Facebook clarified in its answer to Udall on Monday, each website is free to provide the company additional information about your activity on the website, such as whether you completed a purchase.

Facebook also uses a technology called a pixel (also referred to as a web beacon or web tag by some other companies), that collects information for advertisers on what happens after users click on a Facebook ad.

Facebook said it isn't the only company that does this. "This is a standard feature of the Internet, and most websites and apps share this same information with multiple different third-parties whenever people visit their website or app," the company said, citing Google as another company with similar data collection practices.

Facebook's collection abilities are vast. In its written responses Monday, the company said that in the week ending on April 16, "the Like button appeared on 8.4M websites, the Share button on 931K websites covering 275M webpages, and there were 2.2M Facebook pixels installed on websites."

The social network also says it targets ads to users based on data from third-party data providers which offer info about people's "online and offline actions and and purchases," which could help explain how quickly Facebook can target you even after you wipe your profile.

Last week, Apple announced it would provide new privacy features in its Safari browser that would block the kind of data collection Facebook described Monday.

Taking content off of Facebook

Facebook fielded dozens of written questions from Sen. Ted Cruz, a Republican from Texas, about its policies for removing content for violating the company's rules.

Cruz queried the company for details on whether it has specific policies for taking down content based on the organization that publishes it, listing dozens of organizations from across the political spectrum. He also asked about several examples of political posts that Facebook either did or didn't remove, and asked for the company's rationale in each instance.

In its written answers Monday, Facebook didn't provide a specific breakdown of each instance Cruz cited, other than saying it had made a "mistake" in taking down some of the content.

When it comes to content it will take off of its platform, Facebook pointed repeatedly to its general policy. "[W]hen something crosses the line into hate speech, it has no place on Facebook, and we are committed to removing it from our platform any time we become aware of it," the company said.

The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.

Special Reports: CNET's in-depth features in one place.