Facebook to start vetting UK ads this week

28 November 2018 11:42am

27 November 2018. By Sam Wilkin.

Facebook will start to vet adverts in the UK this week, an executive told a hearing in the UK Parliament attended, exceptionally, by lawmakers from eight other countries.

The US social-media company is also applying EU privacy standards around the world, said Richard Allan, its policy director for Europe, despite questions about whether Facebook’s use of data belonging to non-users of its service complied with the General Data Protection Regulation.

Whether Facebook complies could take “two or three years” to determine, he said, because of a lack of clarity about how “consent” is defined under the GDPR, which came into force in May this year.

Allan, who is also a lawmaker in the UK’s upper unelected House of Lords, appeared today in front of a House of Commons committee to answer questions about Facebook’s role in electoral interference in democratic countries, and in the spread of misinformation online.

Facebook’s founder and chief executive Mark Zuckerberg was notably absent, drawing criticism from many of the lawmakers present.

Damian Collins, the chair of the House of Commons’ digital committee, said Facebook’s evasiveness had caused a “massive breach of trust” with users and legislators. “We’re seeing a consistent pattern of Facebook failing to disclose relevant information of considerable public interest when you’re asked questions about things like Russian activity,” he said.

Information about Facebook’s awareness of Russian interference in elections came into the public domain “because of a separate investigation, not because of the multiple hearings that the company has attended where it’s been asked these questions,” Collins added.

Allan replied that Facebook’s policy “at the moment” is to publish “confirmed information” of attempted electoral interference once it has gathered and understood that information. “Over the last few months we have published several quite extensive reports” on both Russian and Iranian attempts, he said.

Vetting ads

Facebook is implementing a three-stage vetting process for ads to help track and prevent electoral interference, Allan said. First, all Facebook pages will show what ads are running. “That helps watchdogs — if you think a political party is running ads inappropriately, you can go and look and flag that.”

Second, Facebook will authorize all advertisers to check they are who they say they are and are living in the relevant country. Finally, all ads will be kept in an archive for future reference.

The system is being implemented at different times around the world, Allan said, because of difficulties in “doing the authorizations, and understanding what constitutes the right kind of legal documentation in every country in the world. We have a rollout plan; we’re going as fast as we can.”

He didn’t say when the system would be fully implemented and didn’t address Irish lawmaker Eamon Ryan’s assertion that he wanted to see it implemented in Ireland by Christmas.

But Allan said the system was coming into force in the UK this week.

“As of this week, any organization that wants to run ads like that will have to authorize, we will collect their identifying information, they’ll have to put on an accurate disclaimer, their ads will go in the archive,” he said, in response to a question about recent anonymous political adverts in the UK related to a recently-agreed Brexit deal.

GDPR and consent

Allan also said that Facebook was complying with the GDPR in Europe, and adhering to the same standards around the world.

“The tools that we’ve built, the system that we’ve built we believe is GDPR-compliant, and it’s the system that’s available everywhere,” he said.

Several lawmakers asserted that Facebook wasn’t complying with the rules, which say that a company must have “freely-given, specific, informed and unambiguous” consent to process a citizen’s data, unless it has another basis to do so such as complying with the law.

Facebook fails to do this when it gathers data related to non-users, said Belgian lawmaker Nele Lijnen. “This is a clear invasion of privacy,” she said.

Allan acknowledged that Facebook holds certain data related to non-users. It can hold contact information for non-users when that information is uploaded by a Facebook user, he said, to allow the company to suggest a connection “when one of those friends joins the platform.”

And it can hold information about IP addresses, which track the physical location of users accessing Facebook and other webpages where it has a plug-in such as a “like” or “share” button. This is “mainly for security purposes,” Allan said.

He added that it could take up to three years to know whether Facebook’s systems are compliant with the GDPR, alluding to broader concerns over how effectively the sweeping regulation is being implemented and enforced.

“We’ll understand fully what it means, what consent means, what all these questions mean over the next two or three years,” he said. “I’m confident that a number of test cases will be around Facebook, but it’s also important to note that the technologies we use are pretty industry standard.”

He also stressed, in response to an earlier question by French lawmaker Catherine Morin-Desailly, that Facebook doesn’t use non-users’ data to make money or serve them with advertisements.

“We don’t create shadow profiles,” he said.