It was recently revealed that the Facebook – Cambridge Analytica Scandal had affected around 87 million users of the social network site, whose personal data had been used to influence voter opinion. On April 10 and 11, 2018, Facebook CEO Mark Zuckerberg testified in front of the United States Senate Committee on Commerce, Science and Transportation in relation to the scandal. While in Congress, the 33-year-old multibillionaire faced a number of questions in relation to GDPR, which indicates that the US may be considering similar legislation moving forward.
What is GDPR?
GDPR stands for General Data Protection Regulation, a new set of laws for controlling the use of personal data online. GDPR covers all foreign companies which process the data of residents of the European Union and addresses the export of data outside of the EU. The regulation was conceived in April 2016 and will be implemented in May of 2018. Once it comes into effect, it will replace the existing Data Protection Directive which came about in 1995.
According to the European Commission, “personal data is anything relating to the individual,” and includes everything from names, to addresses, to telephone numbers. Companies that want to streamline their cybersecurity in a way that’s compatible with GDPR have a vast array of tools at their disposal, which need careful consideration and maintenance to ensure GDPR compliance. Depending on the size and needs of the company, these range from managing cookies in Google Tag Manager and form software to sophisticated SIEM (Security Information and Event Management) toolkits, which provide security log management and a holistic view of an organization’s information security.
What Did the Questions Reveal?
Among the wide range of questions posed to Zuckerberg – some of which have already led to a number of internet memes – there were some serious queries about GDPR which suggest the US wants to implement a similar form of regulation. Rep. Gene Green discussed how Facebook had committed to adhering to the GDPR in Europe, and questioned whether Americans would be entitled to the same protections as EU members when GDPR comes into play. Zuckerberg replied that yes, there would be the same regulations enforced in the States.
Rep. Janice Schakowsky followed up on the questioning about GDPR but didn’t get quite such a clear-cut response from the man who became a billionaire at the age of 23. Zuckerberg gave a more ambiguous response to the congresswoman, telling her what they would do in the EU to comply with GDPR, but not explicitly saying that this would be extended to the US.
If Facebook is to alter its privacy settings for EU citizens under the new regulations, there is no reason why this change can’t be universal. The members of Congress who quizzed Zuckerberg on this situation were right to do so, and it wouldn’t be surprising to see the US follow suit with some new legislation of its own in light of recent events. In addition to this move showing a general approval of GDPR in the US, it can also be argued that, precisely because GDPR applies not only to companies in the EU but to all companies handling the data of EU residents regardless of where they are based, GDPR-like legislation could be easier for businesses in the US to apply.