Don’t Ask Zuckerberg about Shadow Profiles

Mark Zuckerberg’s meeting with the EU Parliament President’s Council didn’t do Facebook any good. The members asked a number of sharp, well-focused questions (much better than the ones Zuckerberg faced in the US, I have to say) that either weren’t answered at all or were only addressed superficially.

The feeling that Facebook is untrustworthy was intensified. Facebook’s first problem was a too-clever format: rather than one question followed by one answer, members asked all their questions in a lightning round.

This allowed Zuckerberg to cherry-pick the questions he wanted to answer and ignore the rest. But members whose questions weren’t answered noticed, and they weren’t happy.

The Shadow Profiles Tap Dance

By the end of the meeting, members were heckling Zuckerberg. One question really stood out: UK MEP Syed Salah Kamall demanded an answer on shadow profiles. Instead of answering it directly, Facebook’s CEO mumbled something that wasn’t really on point:

“Um, sure, so to to to to your question the, for um, for the content that, uh, that websites and apps sent us, um, we think it’s very important that people have the ability to clear this ah, so, ah, we just launched, or or, just announced that we’re building and will soon launch this ‘Clear History’ feature that allows you to clear all basic browsing history data.”

This isn’t going to fly. By now, we know that Facebook collects data from other people’s websites, so all the talk about controls for Facebook users is window dressing.

Facebook Users Have More Control

Facebook’s champions, such as the Obama FCC and FTC, as well as misguided critics in the #DeleteFacebook movement, have been selling the fiction that Facebook can’t track us if we stay off the site. Even supposed technologists such as Steve Wozniak have made a big deal out of deleting their Facebook accounts.

But this is nonsense. Like Google, Facebook has convinced web sites to include their like and share buttons, to embed their invisible “pixel” tracking code, and to use the Facebook commenting system.

Facebook doesn’t want to talk about the third party tracking. It’s great that registered users have control over the data that Facebook collects and monetizes.

The Great Divide

But the dichotomy between registered users and shadow users is significant. The best reason not to “Delete Facebook” is to maintain some semblance of visibility and control over our data.

Facebook could create a system that allows shadow users to control their data too: but creating such a system requires an admission that Facebook is sitting on troves of data that no user ever consented to have them collect.

It’s a one-way relationship: even if we don’t love Facebook, they love us. More correctly, they love our data.

What Will Europe Do?

I don’t know a lot of people who like Europe’s GDPR. It seems to be nothing more than some annoying emails about privacy notices nobody reads and a lot more cookie consent click-throughs.

One friend describes Europe as “the continent whose contribution to the development of the Internet is the cookie warning.” And he’s European.

GDPR means we’ll be using this innovation more than ever before. But users, it seems, care more about the right to be forgotten than about annoying cookie warnings.

Winter is Coming

I sense the appetite for some retaliation against Facebook; today’s performance was just too much to be ignored. But what can EU regulators do?

Breakups are always an option for regulators eager to deal with an abusive monopoly. Facebook could be shorn of acquisitions such as Instagram, WhatsApp, or OculusVR. Wikipedia lists 67 Facebook acquisitions, so regulators have a lot to choose from.

The real problem would appear to be the combination of the Facebook site and the tracking system. But if regulators decide to address the implications of this mashup, they would need to address Google’s tracking + search combo as well. And that’s a heavy lift so a breakup may be easier.

What Can Facebook Do?

I can’t help but think Facebook has created a host of problems for itself over the years by being too cavalier about data collection and not nearly careful enough about data protection.

One of the EU parliamentarians pointed out that Zuckerberg seems to spend an awful lot of time apologizing and vowing to do better. But it never gets any better, so the promises are empty.

The current debacle over Cambridge Analytica could have been managed a whole lot better. The Congressional hearings as well as the EU Parliament hearings underscore the fact that Mark Zuckerberg is not good at leading a large company.

Bring in a Professional CEO

Facebook’s best move is to replace Zuckerberg with a professional manager with the kind of political skills Google’s former CEO Eric Schmidt has. Big companies with big regulatory issues need different leadership than startups do.

Zuckerberg is apparently a great technologist, so why doesn’t the Facebook board free him to do what he does best? He must be deeply committed to the idea that only he can run the company, but if nothing changes there’s not going to a company to run.

At a minimum, Facebook needs to reorganize the company in such a way that a single CEO can exercise effective control over its major pieces. An Alphabet-like reshuffling with a new level of management would at least signal seriousness about improvement.

[Note: Tony Romm saw the same hearing.]