EU Parliament demands Facebook audit after breach hits 87 million users

MEPs in European Parliament want Facebook to submit to a full audit by European Union bodies to determine whether the U.S. based social media company adequately protects users' personal data. The demand made in the form of an EU resolution adopted Thursday, October 25, 2018, follows the company's recent breach scandal, in which data belonging to 87 million Facebook users around the world were improperly obtained and misused.

The Parliament resolution also recommends Facebook make additional changes to combat election interference — asserting the company has not just breached the trust of European users "but indeed EU law".

Excerpt from the announcement of the resolution, 'Facebook-Cambridge Analytica: MEPs demand action to protect citizens' privacy':

• Electoral laws need to be updated to reflect the new digital reality
• Member states should investigate alleged misuse of online political spaces by foreign forces
• As follow-up action to the Facebook-Cambridge Analytica scandal, MEPs call for a full audit on Facebook and new measures against election meddling.

In a resolution adopted on Thursday, MEPs urge Facebook to allow EU bodies to carry out a full audit to assess data protection and security of users' personal data, following the scandal in which the data of 87 million Facebook users was improperly obtained, and misused.

MEPs say that Facebook did not only breach the trust of EU citizens, "but indeed EU law". They recommend that Facebook make changes to its platform to comply with EU data protection law.

Measures against election manipulation

MEPs note that the data obtained by Cambridge Analytica may have been used for political purposes, by both sides in the UK referendum on membership of the EU and to target voters during the 2016 American presidential election.

They highlight the urgency of countering any attempt to manipulate EU elections and to adapt electoral laws to reflect the new digital reality.

To prevent electoral meddling via social media, MEPs propose:

• applying conventional "off-line" electoral safeguards online: rules on spending transparency and limits, respect for silence periods and equal treatment of candidates;
making it easy to recognise online political paid advertisements and the organisation behind them;

• banning profiling for electoral purposes, including use of online behaviour that may reveal political preferences;

• that social media platforms should label content shared by bots, speed up the process of removing fake accounts and work with independent fact-checkers and academia to tackle disinformation;

• investigations should be carried out by member states with the support of Eurojust, into alleged misuse of the online political space by foreign forces.

The resolution summarises the conclusions reached following last May's meeting between leading MEPs and Facebook CEO Mark Zuckerberg, and the three subsequent hearings. It also references the data breach suffered by Facebook on 28 September.

From reporting by Natasha Lomas at TechCrunch:

Earlier this month the EU parliament's civil liberties committee adopted a similar resolution, calling for a full and independent audit of Facebook and for the company to make further changes to its platform.

The Libe committee also called for an update to EU competition rules to reflect what it dubs "the digital reality", and investigation of what it called the "possible monopoly" of big tech social media platforms.

Commenting in a statement today, following the parliament's vote, civil liberties committee chair Claude Moraes said: "This is a global issue, which has already affected our referenda and our elections. This resolution sets out the measures that are needed, including an independent audit of Facebook, an update to our competition rules, and additional measures to protect our elections. Action must be taken now, not just to restore trust in online platforms, but to protect citizens' privacy and restore trust and confidence in our democratic systems."

The resolution follows an appearance by Facebook's founder Mark Zuckerberg in front of the EU parliament's Conference of Presidents in May, and a series of parliament committee hearings including with Facebook staffers.

The EU's tough new data protection framework, GDPR, only came into force this May — so the Cambridge Analytica breach is being handled under the bloc's prior data protection framework, comprising a patchwork of Member State laws.

And earlier today a fine handed to Facebook for this breach by the UK data watchdog was upheld. The £500k penalty is the maximum possible fine under the country's prior data protection regime.

Europe's parliament calls for full audit of Facebook in wake of breach scandal [TC]