Facebook CEO Mark Zuckerberg took his mea-culpa tour to the pages of the New York Times, Washington Post, Wall Street Journal, and six U.K. papers on Sunday, apologizing in a full-page ad for the company’s “breach of trust” around the Cambridge Analytica scandal and promising to “do better.”
Cambridge Analytica is alleged to have harvested the private data of 50 million U.S. Facebook users without their consent in an effort to build psychographic profiles meant to influence voters’ decisions. The data firm’s London office was raided by U.K. authorities on Friday as part of an investigation into the misuse of personal information by political campaigns and social media companies, including Facebook, Cambridge Analytica, and its parent company, SCL.
Facebook only acknowledged the 2014 breach on March 16, after it was uncovered in a joint investigation by the New York Times and the Observer of London.
The scandal, which follows earlier revelations about how fake news and Russian cyberwarfare efforts on Facebook may have had an effect on voters’ political leanings, has already wiped out nearly $50 billion in stock value for the company. The lawsuits and think pieces are proliferating, too.
The news has also prompted a #deletefacebook movement, particularly as more people discover just how much the company knows about them. Users have downloaded their Facebook data files in order to better understand the amount of data the company has collected, with some alarmed to learn that their call histories were being tracked by Facebook’s mobile apps. On Saturday, Ars Technica reported that Facebook appears to have harvested phone call and SMS metadata from its Android app users for years, at least until Google blocked Android apps from collecting such data last October.
Zuckerberg focused only on Cambridge Analytica in his Sunday ad. The shady firm, which was hired by the Trump campaign in 2016, counts conservative megadonors Robert and Rebekah Mercer, as well as alt-right figurehead and ex-Trump adviser Steve Bannon, among its founders. A company whistleblower claimed last week that the Mercers and Bannon wanted to use the company to help them wage a culture war in America, though the effectiveness of the company’s psychographic microtargeting methods has likely been oversold, at least in the U.S.
Cambridge Analytica CEO Alexander Nix was suspended last week after he was caught by undercover reporters saying that the company would help clients bribe or entrap political candidates in sex scandals, though it’s not clear whether the company has actually pulled off any such schemes in the past. Either way, the company isn’t the kind that most people feel comfortable hoarding their personal data. But because of Facebook’s formerly lax policies, it did just that.
“We have a responsibility to protect your information,” Zuckerberg declared at the top of his Sunday ad. “If we can’t, we don’t deserve it.”
“This was a breach of trust, and I’m sorry we didn’t do more at the time,” he continued. “We’re now taking steps to ensure this doesn’t happen again.”
Zuckerberg then reiterated the same efforts he announced last week: that the company has limited what information Facebook apps have access to, will be reminding users which apps they have allowed to access their data, and will be auditing all apps that have previously had access to large amounts of user information in order to identify more abusers.
“We expect there are others [that misused Facebook data],” he acknowledged, promising that additional affected users would be notified. (The 50 million Facebook users whose data was harvested by a researcher working for Cambridge Analytica were never notified.)
But while Zuckerberg claims that Facebook has “a responsibility to protect” its users’ information, he isn’t talking about responsibility in a legal sense. Sunday’s PR blitz can be seen as an attempt to stave off government action, as well as amplifying the company’s apology and calming down investors. But Zuckerberg did concede on CNN last week that, “I actually am not sure we shouldn’t be regulated.”
In the European Union, the looming General Data Protection Regulation (GDPR) will grant EU citizens legal rights regarding their data when it comes to dealing with data-devouring companies like Facebook and Google. Such protections aren’t available to U.S. citizens. Even though a majority of Americans now favor regulating tech companies, new laws to do so aren’t even on the political horizon, and even if they were, they would face a presidential administration that’s far more interested in gutting regulations than adding them.