The Washington PostDemocracy Dies in Darkness

One key question for Zuckerberg: Will Americans become second-class Web citizens?

In his opening statement at the Senate Judiciary and Commerce Committee hearing, Facebook CEO Mark Zuckerberg said he's responsible for mistakes Facebook makes. (Video: The Washington Post, Photo: Matt McClain/The Washington Post)

BERLIN — Europe had its own successful social media networks once, with obscure names such as SchuelerVZ, Viadeo and Netlog. Almost all of those platforms are now either defunct or have seen their presence largely diminished, as major U.S. tech companies such as Facebook and Google have conquered the market.

Europe is still a market leader in at least one way, though: Its privacy standards are the world’s toughest, especially as lawmakers elsewhere have hesitated or failed to rein in the powerful tech companies.

European Union regulators have long been tougher on tech companies than their U.S. counterparts, forcing these companies to give users more control, imposing fines for noncompliance, and requiring platforms to spot and delete illegal content. With such concerns now being widely discussed in the United States and other countries, including India, Europe’s skeptical stance toward Big Tech suddenly appears not to be that old-school anymore.

In Europe, recent revelations about data misuse mostly resulted in calls to speed up work on privacy regulations that was already underway.

In the United States, however, they may lead to much tougher questions: Would American Facebook users become de facto second-class members when it comes to privacy issues, if U.S. lawmakers continue to avoid regulations as foreign governments push ahead?

As Facebook chief executive Mark Zuckerberg will continue to address U.S. lawmakers on Wednesday, his best bet might essentially consist of promising American users the sort of protection the company had to grant its European users. Zuckerberg and other Facebook officials have indicated that this is at least part of their strategy in recent weeks and during his hearing on Tuesday.

“You think the Europeans had it right?” Sen. Lindsey OGraham (R-S.C.) asked during the session, referring to E.U.-style regulations of U.S. tech companies.

“I think that they get things right,” Zuckerberg responded, echoing previous company statements.

“Europe was ahead on this,” Facebook’s chief operating officer, Sheryl Sandberg, acknowledged in a recent interview with the London-based Financial Times. Zuckerberg later promised to apply E.U. standards worldwide, even if some regional differences would probably persist.

The Facebook chief executive may seek to use his appearances at the Capitol Hill hearings to further portray those promised changes as a willingness to self-regulate. But the timeline of events leading up to his promise to adapt to coming European rules and to make further changes points to a different conclusion. In Europe, Facebook acted only when governmental pressure became too risky to ignore — after a political and legal struggle that dragged on for years. As Facebook faces mounting pressure in the United States, too, it’s worth keeping in mind that its privacy compromises didn’t come out of nowhere, privacy advocates here caution.

The key question is whether Zuckerberg’s promises to implement European standards worldwide are genuine or a strategy to persuade U.S. lawmakers to leave the company alone.

That is why Tuesday’s appearance was also about a cultural difference that has widened in recent years: Should the United States stick to its belief in the industry’s self-regulation, even as scandals mount? Or should it copy Europe’s approach, which has had more impact, even though critics warn of governmental overreach?

Introduced as the General Data Protection Regulation (GDPR) and set to take effect next month, the landmark European law will force all companies operating here to tell their online European users which data they have stored on them and provide them with an option to delete that information. Companies need to explicitly ask their users for consent whenever they seek to deviate from certain standards, rather than forcing them to opt out in case they realize what they have signed up for, as is often the case. Violations can result in significant fines.

The right to privacy is costly, however. The global law firm Paul Hastings has estimated that any Fortune 500 company dealing with E.U. customers will spend an average of $1 million on adjusting tech systems. (The law doesn’t target only social networks such as Facebook but also just about any company that has a website.) Critics have also blasted the legislation as too protectionist, too vague or too broad.

Some even fear the end of the open Internet’s business model. “GDPR, and calls for similar regulation in the U.S., may lead to the end of what has long been the internet’s grand bargain: the exchange of free or subsidized content for personalized advertising,” wrote Larry Downes of the Georgetown Center for Business and Public Policy.

European social media skeptics, however, are celebrating the law as almost revolutionary, especially as companies such as Facebook that long escaped E.U. scrutiny promised to adapt to the new rules. The Economist magazine, Britain’s leading free-market voice, similarly praised the law, writing that “the case for copying the best bits of the European Union’s approach is compelling.

Still, the European changes might have passed virtually unnoticed in the United States had they not coincided with revelations about the data-harvesting company Cambridge Analytica's collection of Facebook users’ personal data for political ends.

Facebook said last week that Cambridge Analytica may have obtained information on far more users — with about 20 percent of them estimated to be living outside the United States. In a separate revelation, Facebook also had to acknowledge last week that “malicious actors” discovered the identities and collected data on most of its 2 billion global users. The mechanisms used by Cambridge Analytica and the “malicious actors” cited by Facebook appear to have been legal and do not constitute a data hack but, rather, a deliberate exploitation of information through tools or loopholes that Facebook provided in the past.

Zuckerberg appeared to be prepared for some uncomfortable questions during his hearing on Tuesday. In a conference call with journalists last week, he already applauded the European efforts, calling them “very positive,” in a somewhat surprising assessment.

“Regardless of whether we implement the exact same regulation, I would guess that it would be somewhat different, because we have somewhat different sensibilities in the U.S. as to other countries,” Zuckerberg reemphasized during his congressional hearing on Tuesday.

In an open letter, U.S. and European consumer protection groups still urged Zuckerberg to provide more “specific details on how the company plans to implement these changes.”

Zuckerberg's praise for Europe’s tough data rules — which have been considered detrimental to the company’s business model — may indicate either a real strategy change or, as some consumer protection groups fear, an effort to calm nervous lawmakers by promising eventual change that may or may not materialize.

More on WorldViews:

The pope’s challenge to Orban and Europe’s far right

30 killed, including 23 children, as school bus plunges off mountain road in India

Organizers try to keep overweight people from joining a Dutch military parade