Facebook believes accountability and investment signals it is taking privacy seriously

September 08, 2021

While a discussion paper on the Attorney-General’s review of Australia’s Privacy Act 1988 remains outstanding, Facebook has taken the opportunity to bust some so-called myths about the company’s approach to privacy.

During a virtual briefing with media on Wednesday, the social media giant’s privacy and policy director Steve Satterfield said the company is on a “perpetual quest” to bust the myth that Facebook sells people’s data to advertisers or other third-parties.

“It’s just false,” he said.

“We do not sell people’s data. We never have.”

In July 2019, the social media giant was hit with a $5 billion fine by the US Federal Trade Commission (FTC) for violating user privacy. The FTC investigation alleged that Facebook repeatedly used “deceptive disclosures and settings to undermine users’ privacy preferences” in violation of its 2012 agreement with the FTC. It was that case that forced Facebook to agree to overhaul its consumer privacy practices.

In that same year, Facebook paid a £500,000 fine issued to it by the UK Information Commissioner’s Office after an investigation into the misuse of personal data in political campaigns.

Satterfield added another “myth” that still exists in “certain parts of the world” — and unsure whether that includes Australia or not — that should be clarified is Facebook is anti-regulation.

“That’s actually quite the opposite. We are very vocally pro-regulation, including around privacy,” Satterfield said.

He pointed out, for instance, that the company believes a globally consistent approach to privacy regulation is necessary, noting that inconsistency is “both bad from a user’s perspective and it’s also bad from the business perspective”.

“It’s really hard to build global services to accommodate the laws of individual cases, or in my case, in [US] states,” Satterfield said, noting that Europe’s General Data Protection Regulation (GDPR) is the “most influential piece of privacy legislation ever created”.

The remarks echo Facebook’s submission for the Privacy Act review where it recommended that Australian privacy laws be reformed to make them more aligned with the GDPR.

Satterfield also took the opportunity to rattle off a slew of features that Facebook has introduced over the years to ensure that privacy is “built-in” to its products, including allowing Facebook users to easily delete past posts and download copies of their own information to Dropbox or Google Drive. Introducing a Snapchat-like view once photo and view feature on WhatsApp was another one that Satterfield listed.

But when asked by ZDNet about why Facebook’s emphasis on privacy considerations have really only surfaced in recent years — and not since the beginning — Satterfield said it was due to a couple of reasons.

“Executive level accountability that is something that has happened by virtue of our settlement with the FTC, but it’s also I think more broadly reflective of executive investment in privacy,” he said.

“I think it’s always been central … that has evolved in the time that I’ve been here now. We have a privacy board that is made up of product managers and engineers to work on privacy that didn’t exist when I got here.

“I would say it’s those two things: It’s executive level investment and accountability — and I include our CEO Mark Zuckerberg — and technical investment in privacy.”

Satterfield was brought into Facebook to work on privacy and public policy seven years ago — a decade after Facebook was first established.