EU bodies should be allowed to fully audit Facebook to assess data protection and security of users’ personal data, said Civil Liberties MEPs on Wednesday.
MEPs take note of the privacy improvements undertaken by Facebook after the Cambridge Analytica scandal, but recall that the company has yet not carried out the promised full internal audit. They recommend that the company makes “substantial modifications to its platform” to comply with EU data protection law.
The committee also urges Facebook to allow the EU Agency for Network and Information Security (ENISA) and the European Data Protection Board to carry out “a full and independent audit” and present the findings to the European Commission and Parliament and national parliaments.
The resolution, passed with 41 votes to 10 and 1 abstention, summarises the conclusions reached after the meeting last May between leading MEPs and with Facebook CEO Mark Zuckerberg and the three subsequent hearings to clarify the impact of the Facebook data breach by Cambridge Analytica. It also refers to the latest data breach suffered by Facebook, on 28 September, which exposed access tokens for 50 million accounts.
Fight against election meddling
MEPs note that the General Data Protection Regulation and the new rules on European political party funding already foresee sanctions for breaching data protection rules to influence elections’ outcomes.
To prevent electoral meddling via social media, they also propose:
- applying conventional “off-line” electoral safeguards, such as rules on transparency and limits to spending, respect for silence periods and equal treatment of candidates;
- making it easy to recognize online political paid advertisements and the organisation behind them;
- banning profiling for electoral purposes, including use of online behaviour that may reveal political preferences;
- social media platforms should label content shared by bots and speed up the process of removing fake accounts;
- compulsory post-campaign audits to ensure personal data are deleted;
- investigations by member states with the support of Eurojust if necessary, into alleged misuse of the online political space by foreign forces.
Update competition rules and increase algorithmic transparency
MEPs call on the European Commission to upgrade EU competition rules to reflect the digital reality, look into the social media platforms’ possible monopoly and audit the advertising industry on social media.
The text also asks for much greater accountability and transparency on algorithmic-processed data by any actor, be it private or public.
Facebook accounts of EU institutions
MEPs ask all EU institutions, agencies and bodies to verify that their social media pages and the analytical and marketing tools used “should not by any means put at risk the personal data of citizens”. If needed, they suggest that they “consider closing their Facebook accounts” to protect personal data of every individual contacting them.
Call on the Commission to suspend Privacy Shield
MEPs call on the European Commission to suspend the Privacy Shield agreement (designed to protect EU citizens whose personal data are transferred to the US for commercial purposes), since US authorities failed to comply with its terms by 1 September 2018.
“This resolution makes clear that we expect measures to be taken to protect citizens’ right to private life, data protection and freedom of expression. Improvements have been made since the scandal, but, as the Facebook data breach of 50 million accounts showed just last month, these do not go far enough,” said rapporteur Claude Moraes (S&D, UK), Chair of the Civil Liberties Committee.
The resolution will be put to a vote by the full Parliament during the next plenary session (22-25 October) in Strasbourg.