Facebook’s Zuckerberg supports U.S. version of GDPR

On March 30, on his own blog as well as in the pages of the Washington Post, Facebook Founder and CEO Mark Zuckerberg did indeed throw his support to porting a version of the European Union’s General Data Protection Regulation to the U.S. He also argued that Internet company “transparency reports” are just as important, on a quarterly basis, as financial reporting.

In the opinion piece, “Four Ideas to Regulate the Internet,” Zuckerberg argues that “we need a more active role for governments and regulators.”

“By updating the rules for the internet, we can preserve what’s best about it—the freedom for people to express themselves and for entrepreneurs to build new things—while also protecting society from broader harms,” he added, stressing the need for new regulation in four areas: harmful content, election integrity, privacy, and data portability.

“We have a responsibility to keep people safe on our services,” Zuckerberg wrote. “That means deciding what counts as terrorist propaganda, hate speech, and more. We continually review our policies with experts, but at our scale we’ll always make mistakes and decisions that people disagree with. Lawmakers often tell me we have too much power over speech, and frankly I agree. I’ve come to believe that we shouldn’t make so many important decisions about speech on our own.”

In response, Facebook is creating “an independent body so people can appeal our decisions.” 

“We’re also working with governments, including French officials, on ensuring the effectiveness of content review systems,” Zuckerberg wrote. “Internet companies should be accountable for enforcing standards on harmful content. It’s impossible to remove all harmful content from the internet, but when people use dozens of different sharing services—all with their own policies and processes—we need a more standardized approach.”

One idea, he explained, is for third parties to set standards governing the distribution of harmful content and measure companies against those standards. Regulation could then set baselines for what’s prohibited and require companies to build systems for keeping harmful content to a bare minimum.

Legislation is also needed to protect elections. “Advertisers in many countries must verify their identities before purchasing political ads,” he added. “We built a searchable archive that shows who pays for ads, what other ads they ran and what audiences saw the ads. However, deciding whether an ad is political isn’t always straightforward. Our systems would be more effective if regulation created common standards for verifying political actors. … We believe legislation should be updated to reflect the reality of the threats and set standards for the whole industry.”

“Effective privacy and data protection needs a globally harmonized framework,” Zuckerberg wrote. “People around the world have called for comprehensive privacy regulation in line with the European Union’s General Data Protection Regulation, and I agree. It would be good for the internet if more countries adopted regulation such as GDPR as a common framework.”

“New privacy regulation in the U.S. and around the world should build on the protections GDPR provides,” the post argues. “It should protect your right to choose how your information is used—while enabling companies to use information for safety purposes and to provide services. It shouldn’t require data to be stored locally, which would make it more vulnerable to unwarranted access. And it should establish a way to hold companies, such as Facebook, accountable by imposing sanctions when we make mistakes.”

A common global framework, rather than regulation that varies significantly by country and state, “will ensure that the internet does not get fractured, entrepreneurs can build products that serve everyone, and everyone gets the same protections,” Zuckerberg pitched. “As lawmakers adopt new privacy regulations, I hope they can help answer some of the questions GDPR leaves open. We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence.”

Regulation, in his view, should also guarantee the principle of data portability. “If you share data with one service, you should be able to move it to another. This gives people choice and enables developers to innovate and compete,” he said. “True data portability should look more like the way people use our platform to sign into an app than the existing ways you can download an archive of your information. But this requires clear rules about who’s responsible for protecting information when it moves between services. This also needs common standards, which is why we support a standard data transfer format and the open source Data Transfer Project.”

Zuckerberg claimed to be “looking forward” to discussing his ideas with lawmakers around the world. “We’ve built advanced systems for finding harmful content, stopping election interference and making ads more transparent. But people shouldn’t have to rely on individual companies addressing these issues by themselves. We should have a broader debate about what we want as a society and how regulation can help. These four areas are important, but, of course, there’s more to discuss,” he wrote. “The rules governing the internet allowed a generation of entrepreneurs to build services that changed the world and created a lot of value in people’s lives. It’s time to update these rules to define clear responsibilities for people, companies and governments going forward.”

Zuckerberg is the latest of the tech giants to support U.S. adoption of the GDPR in some form or another. Apple CEO Tim Cook and Microsoft CEO Satya Nadella have also praised Europe’s data privacy laws and urged U.S. lawmakers to use it as a blueprint for their own efforts.