MEPs take note of the privacy improvements undertaken by Facebook after the Cambridge Analytica scandal, but recall that the company has yet not carried out the promised full internal audit. They recommend that the company makes “substantial modifications to its platform” to comply with EU data protection law.
The committee also urges Facebook to allow the EU Agency for Network and Information Security (ENISA) and the European Data Protection Board to carry out “a full and independent audit” and present the findings to the European Commission and Parliament and national parliaments.
The resolution, passed with 41 votes to 10 and 1 abstention, summarises the conclusions reached after the meeting last May between leading MEPs and with Facebook CEO Mark Zuckerberg and the three subsequent hearings to clarify the impact of the Facebook data breach by Cambridge Analytica. It also refers to the latest data breach suffered by Facebook, on 28 September, which exposed access tokens for 50 million accounts.
Fight against election meddling
MEPs note that the General Data Protection Regulation and the new rules on European political party funding already foresee sanctions for breaching data protection rules to influence elections’ outcomes.
To prevent electoral meddling via social media, they also propose:
Update competition rules and increase algorithmic transparency
MEPs call on the European Commission to upgrade EU competition rules to reflect the digital reality, look into the social media platforms’ possible monopoly and audit the advertising industry on social media.
The text also asks for much greater accountability and transparency on algorithmic-processed data by any actor, be it private or public.
Facebook accounts of EU institutions
MEPs ask all EU institutions, agencies and bodies to verify that their social media pages and the analytical and marketing tools used “should not by any means put at risk the personal data of citizens”. If needed, they suggest that they “consider closing their Facebook accounts” to protect personal data of every individual contacting them.
Call on the Commission to suspend Privacy Shield
MEPs call on the European Commission to suspend the Privacy Shield agreement (designed to protect EU citizens whose personal data are transferred to the US for commercial purposes), since US authorities failed to comply with its terms by 1 September 2018.
Claude Moraes (S&D, UK), Chair of the Civil Liberties Committee and rapporteur, said: "This resolution makes clear that we expect measures to be taken to protect citizens’ right to private life, data protection and freedom of expression. Improvements have been made since the scandal, but, as the Facebook data breach of 50 million accounts showed just last month, these do not go far enough.”
The resolution will be put to a vote by the full Parliament during the next plenary session (22-25 October) in Strasbourg.