MEPs call for action in wake of Facebook-Cambridge Analytica scandal

European MEPs have demanded a full audit by EU bodies on Facebook, as a resolution adopted at the UK’s Information Commissioner’s Office confirmed a £500,000 fine for Facebook for failings relating to the Cambridge Analytica data sharing scandal.

The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded a quiz app, but were simply “friends” with people who had.

Facebook also failed to keep the personal information secure because it did not make suitable checks on apps and developers using its platform. These failings meant one developer, Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge.

The MEPs’ resolution also calls for electoral laws to be updated to reflect the new digital reality and for EU member states to investigate alleged misuse of online political spaces by foreign forces.

The resolution comes as a response to the unauthorised collection and sharing of personal data of 87 million Facebook users, including 1.1 million Britons that was exposed in March 2018.

MEPs say Facebook did not only breach the trust of EU citizens, but also breached EU law. They recommend that Facebook make changes to its platform to comply with EU data protection law.

MEPs note that the data obtained by Cambridge Analytica may have been used for political purposes, by both sides in the UK referendum on membership of the EU and to target voters during the 2016 American presidential election.

They highlight the urgency of countering any attempt to manipulate EU elections and to adapt electoral laws to reflect the new digital reality.

To prevent electoral meddling via social media, MEPs propose:

• Applying conventional “offline” electoral safeguards online: rules on spending transparency and limits, respect for silence periods and equal treatment of candidates;
• Making it easy to recognise online political paid advertisements and the organisation behind them;
• Banning profiling for electoral purposes, including use of online behaviour that may reveal political preferences;
• That social media platforms should label content shared by bots, speed up the process of removing fake accounts and work with independent fact-checkers and academia to tackle disinformation;
• Investigations should be carried out by member states with the support of Eurojust, into alleged misuse of the online political space by foreign forces.

The resolution summarises the conclusions reached following last May’s meeting between leading MEPs and Facebook CEO Mark Zuckerberg, and the three subsequent hearings. It also references the data breach suffered by Facebook on 28 September.

Facebook reported a “security issue” affecting “almost 50 million accounts” on 28 September, three days after detecting the problem and starting investigations.