US, EU must work together in wake of Facebook data breach

US, EU must work together in wake of Facebook data breach
© Getty

With investigations underway in both the U.S. and the EU following the Facebook and Cambridge Analytica data breach, American and European legislators need to gain a clearer picture of what happened, learn the lessons and set out the way forward using all the tools at our disposal. 

There are signs from the multiple ongoing U.S. investigations — Department of Justice, Securities and Exchange Commission, FBI and the Federal Trade Commission — that there could be regulatory or enforcement action to come, and we are taking similar steps in the European Union.

ADVERTISEMENT

The recent decision of the Information Commissioner’s Office in the U.K. to apply the maximum possible fine of £500,000 on Facebook for lack of transparency and failing to protect users’ information is further evidence that more needs to be done to effect change and restore trust and confidence in our democratic systems.

 

In the European Parliament, further to our meeting with Mark ZuckerbergMark Elliot ZuckerbergFight looms over national privacy law Facebook teaming with nonprofits to fight fake election news China may be copying Facebook to build an intelligence weapon MORE, the Civil Liberties, Justice and Home Affairs Committee, which I chair, recently held a series of public hearings in association with other relevant committees to examine the implications of the scandal for data protection and privacy, electoral processes and consumer trust, in addition to exploring possible policy solutions and remedies.

Following our inquiry in the European Parliament, while many questions remain unanswered, what is clear is that more action is needed to enforce the law and ensure real transparency from companies such as Facebook in terms of data processing methods, tracking, profiling and the use of algorithms in order to ensure consumer trust and respect for privacy.

We will put forward a resolution to follow up on these hearings in which we will make clear that we expect measures to be taken to enforce the law and ensure the respect of our fundamental rights, namely the rights to private life, data protection and freedom of expression.

Further to our examination of this case, last week, the European Parliament as a whole adopted a resolution calling on the EU Commission to suspend the Privacy Shield, the data exchange deal between the U.S. and the EU, as it fails to provide the adequate level of data protection for EU citizens required by the European data protection law and the Court of Justice.

As Facebook and Cambridge Analytica are Privacy Shield self-certified, we have called on U.S. authorities to respond to recent revelations without delay and if necessary to remove companies that have misused personal data from the Privacy Shield list.

The same resolution also raises concerns regarding the recent adoption of the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which is a U.S. law that grants the U.S. and foreign police access to personal data across borders.

Indeed, this new initiative could have serious implications in terms of extraterritoriality and could conflict with EU data protection laws.

In order to address these and other concerns with our American counterparts, I will lead a delegation of my committee to the U.S. This will provide us with the opportunity to discuss our response to the Facebook/Cambridge Analytica case and the Privacy Shield directly with the U.S. government, Congress and stakeholders.

The delegation will also provide the opportunity to touch upon other matters of mutual interest to the U.S. and the EU, such as counterterrorism, progress of the visa waiver program, law enforcement and data protection, Passenger Name Records (PNR) and cybersecurity, and to learn more about recent state and federal privacy initiatives. 

Lawmakers in the U.S. and the EU must respond to our shared challenge of providing an effective policy response to the multiple threats our citizens face in terms of data protection, privacy, cybersecurity and electoral processes.

We have much to learn from each other’s investigations and, more importantly, our efforts to craft policy solutions and remedies that will ensure that companies adhere to business models that are by design and by default compliant with fundamental rights.

Claude Moraes is a British Labour Party politician, who has been a member of the European Parliament (MEP) for London since 1999. He is chair of the Civil Liberties, Justice and Home Affairs Committee and former deputy leader of the Labour Party in the European Parliament.