What Do People Need to Know About Zuckerberg’s Testimony Before Congress?

Recently, we discussed Facebook’s latest scandal and its implications for the Browser Act.  Today, we build on that with discussion of Mark Zuckerberg’s testimony before Congress. The crux of Zuckerberg’s testimony discusses two types of data.  The first type of data is user-generated “content” that Facebook users post.  This would include, but is not limited to, photographs, videos, articles shared, and even status updates.

The second type of data is more sensitive data, what we normally would call users’ personal information.  This type of information would include, but is not limited to, geolocation information, browsing history, and users’ clicked-on ads.

While Facebook’s terms of service and data policy does say that the company reserves the right to collect information on its users as well as the devices they use to access Facebook’s services, few users may understand the depth of information that they are agreeing to allow Facebook to collect.  Facebook’s data policy allows them to collect data that includes information about users’ devices such as operating systems, hardware versions, device settings, user preferences, meta data embedded in file or software, and even the specific name of a user’s device.  Notably, Facebook’s disclosures do not specifically mention all of these factors in the list of data that it discloses to its users.

Facebook also specifically gathers data on a user’s device location through the tracking of GPS, Bluetooth, and even Wi-Fi signals.  This information usually also includes the mobile operator or ISP as well as that device’s specific IP address.  What concerns Congress most is that most of this data is aggregated to be sold and passed onto advertisers.  While Facebook’s terms of service, like many service providers, notes that they reserve the right to provide non-identifying information to their partners that agree to abide by Facebook’s own advertiser guidelines, few users understand the extent of personal information passing hands.

Moreover, the key question boils down to ownership over this data.  While Zuckerberg was emphatic about the user owning it, Congress was skeptical.  They noted that Facebook’s business model derives major profits from the mass monetization and sale of user-data.  Moreover, if the user really was the owner of such data, why have users been unable to monetize their own data to sell to advertisers?  Experts in the field note that, despite Zuckerberg’s claims that the user owns the content, Facebook’s terms of service note that users basically agree to license their user-generated content to Facebook.  Specifically, such licensed intellectual property content would include, but is not limited to, photos and videos and other user-generated content to Facebook through a non-exclusive, transferable, sublicensable, royalty-free, worldwide license. Moreover, if the user tries to avoid licensing of such data by deleting their content, Facebook’s terms of service still allows for the maintenance of a user’s data in backup copies.  As such, when pressed, Facebook clarified that it may take up to approximately three months to delete all of an account’s information from Facebook’s backup systems.

With control and access to such an overwhelming amount of information on its users, Congress was suitably concerned about Facebook’s potential failure to adequate protect user-privacy.  For example, there have been reports from as early as 2013 about system vulnerabilities that have been exploited to gain unauthorized access to user-information.  As it becomes more and more clear that Facebook collects a wide variety of information with no real government oversight, it would behoove clients and counsel alike to monitor the government inquiry into Facebook and other service providers’ policies regarding users’ personal data.

For more information on this topic, please visit our Data Privacy service page, which is part of our Technology & Data Practice.

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm located in Dallas, TX.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the Internet & eCommerce law firm and its Internet & eCommerce attorneys may be found at www.klemchuk.com.

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.