SALT LAKE CITY — Following the revelation that personal data from some 50 million Facebook users ended up in the hands of political operatives, Rep. Chris Stewart, R-Utah, said Thursday he would like to see "more aggressive" government oversight of social media businesses.
He also wants the opportunity to speak directly with the company's founder and figurehead, CEO Mark Zuckerberg.
Stewart, a member of the House Intelligence Committee, said Facebook has opted to send attorneys or other staff to represent the company in previous committee hearings focused on the social media company's conduct and policy, but after the seismic fallout from the data mishandling, it is time for Zuckerberg to put in an appearance.
"I've been a little disappointed in who's been sent previously to represent various social media companies," Stewart said. "My position is that, for credibility, having the face of the company there answering questions is most appropriate. Obviously, Mark Zuckerberg is the person most closely identified with Facebook."
Stewart said the Facebook data debacle, which he characterized as less an information breach and more a reflection of failed company policy, is one with "tentacles that reach all the way into the U.S. election process" and for that reason, it is appropriate to consider what regulatory changes could help protect social media users from having their personal data inappropriately shared.
"Look, their entire business model is based on collecting and monetizing information," Stewart said. "There is nothing inherently wrong with that, but there should be a reasonable expectation of limits to when and how and what kind of information can be used by a third party."
Stewart underscored that he believes it's critical to not impede on the ecosystem of technology companies and that he admires how these companies were created "from the ground up" by entrepreneurs who have boosted the U.S. economy through advancing innovation.
"I want to emphasize that we don't want to, or need to, be the heavy hand or interfere with the business model," Stewart said. "But we can, and should, do something."
Stewart said while he is not aware of any currently proposed legislation, he is "not alone" among congressional colleagues in his concern about taking action.
While the U.S. has taken a mostly hands-off stance on applying regulations to company conduct on the internet, the European Union has been much more proactive and has a new body of rules, the General Data Protection Regulation, that includes some fairly stringent controls on the collection and use of personal data, going into effect in late May.
These include required notification of affected parties within 72 hours of a data breach incident, a "right to access" rule that elevates transparency by requiring data "controllers" to share, on request, what information they've collected on a requestor and a "right to be forgotten" rule which allows requestors to have their data file deleted for a number of reasons, including the decision to rescind consent.
Penalties for data handlers that breach the General Data Protection Regulation are stiff and can reach as much as 20 million euros or 4 percent of the offending company's annual revenues, whichever is greater.
Pete Ashdown, founder and CEO of Utah independent internet service provider Xmission, said while the new E.U. rules are admirable, it's important to remember that social media users are choosing to expose their personal information when they sign up, or opt-in, to use the platforms.
"Facebook is a company that earns their money by selling information about members to advertisers," Ashdown said. "Cambridge Analytica took advantage of that basis, and exploited it in a way that Facebook didn't expect. Whether you fault them or not, they saw the angle."
Ashdown said social media users need to "open their eyes a little wider … and really evaluate what they choose to share and post on Facebook" and other platforms. He also said that while previous government attempts at privacy assurances have fallen short, he would support an effort to bolster protections of digitally harvested personal information.
"I'm not sure what Congressman Stewart has in mind," Ashdown said. "But I would welcome any action. More transparency … and accountability is a good thing."