After Facebook revealed that Cambridge Analytica (CA), AggregateIQ and other companies had improperly collected data on 87 million Facebook users, people around the world waited in uncomfortable anticipation for a notification from Facebook that their personal data had been acquired and sold by Cambridge Analytica.
As it turns out, CEO Mark Zuckerberg himself may have gotten one of those automated warnings, because his personal data was included in CA's roundup, too.
During Zuckerberg's second day of questioning on Capitol Hill, California Democratic Representative Anna Eshoo asked, "Was your personal data included in the CA breach?"
"Yes," Zuckerberg simply replied.
Zuckerberg didn't elaborate more than that during the exchange with Eshoo, including how much of his personal data CA obtained.
Unless Zuckerberg himself took the infamous “thisisyourdigitallife” quiz, which we find to be unlikely, the CEO is probably Facebook friends with someone who did take the quiz.
So, CA may have obtained Zuckerberg’s data through the privacy loophole that his own company left open.
Lots of questions, unsatisfying answers
When Zuckerberg finally responded to the CA scandal a few weeks ago, he promised his company would take “responsibility” to ensure that “there aren't any other Cambridge Analyticas out there,”, and to ensure “transparency” about future fixes.
But when faced with Congressional questions, Zuckerberg has been anything but transparent about how much responsibility his company should face for the ongoing scandal, which has led to some awkward exchanges.
Representative Eshoo, following up on her question about Zuckerberg’s personal data, asked if he is “willing to change your business model in the interest of protecting individual privacy?” Zuckerberg responded, “I’m not sure what that means.”
When New York Representative Paul Tonko asked if Facebook should “bear the liability for the misuse of people’s data”, Zuckerberg responded that the company takes “responsibility”, but refused to claim his company was liable, stating CA was solely at fault.
In other words, Zuckerberg has taken some blame, but he doesn’t want his company to be sued for its actions (or inaction). He just want to self-regulate problems as they arise.
Colorado Representative Diana DeGette listed out several other infractions and lawsuits Facebook has faced, including its 2011 FTC settlement settlement to protect user privacy, and asked if Facebook has been punished financially for its past mistakes. Zuckerberg responded that he couldn’t remember.
"We continue to have these abuses and these data breaches, but at the same time, it doesn't seem like future activities are prevented," DeGette responded.
She said that “robust penalties” for breaches like Cambridge Analytica’s could be put in place, even for “first-time violations”.