Facebook officials were grilled and upbraided Thursday by a Canadian parliamentary committee studying the Cambridge Analytica data breach as well as broader privacy issues that have come to light in the fallout of that scandal.
More than 620,000 Canadians were among the 87 million Facebook users whose data was improperly obtained by the political strategy firm Cambridge Analytica, which attempted to psychologically profile voters in order to influence the American presidential election.
“In terms of our legislation here in Canada, PIPEDA, which requires consent … where was the consent of 620,000 users?” Liberal MP Nathaniel Erskine-Smith asked early in the hearing.
“Perhaps you’re in compliance with the law now, but it seems pretty clear you weren’t in compliance with the law previously, is that fair?”
Facebook deputy privacy chief Robert Sherman said that Facebook’s terms of service were “very clear” that was how the service operated at the time.
Sherman stressed that the social media giant has changed all sorts of policies since 2014, and especially in the past few weeks, to prevent this kind of information from being shared, and to limit the ability of third parties to scrape user data.
“Unfortunately those changes are only being made once this situation has been made public, and not because you ever thought this was the right thing to do,” Erskine-Smith shot back.
After Erskine-Smith, Conservative MP Peter Kent said that last year Facebook threatened to withdraw Canadian investment funding if the government regulated the social network.
“We were told almost in passing that any new Canadian regulations might well put at risk Facebook investments in Canada along the lines of the $7 million invested in the artificial intelligence project in the Montreal hub,” Kent said.
Facebook Canada head of public policy Kevin Chan denied that the company would do such a thing.
“We certainly do not base our investment decisions on the specific regulatory environment,” Chan said.
During the two-hour hearing, Chan and Sherman mostly echoed the testimony Facebook chief executive Mark Zuckerberg gave earlier this month before lawmakers in Washington, D.C.
The company has repeatedly apologized for the data breach, and said that they were “too idealistic” about building a system for social networking without taking a broad enough view of their social responsibility to prevent malicious actors from using the site to manipulate elections, spread disinformation and scrape private data from users.
Earlier this week, the committee heard from federal privacy commissioner Daniel Therrien, who is investigating the Cambridge Analytica data breach.
Therrien said that Canada is long overdue for tougher legislation when it comes to digital privacy rights, and the incoming European General Data Protection Regulation would be a good model to follow.