When Mark Zuckerberg testifies before Congress this week, there's only one thing he can say that would matter

Facebook founder and CEO Mark Zuckerberg is reportedly undergoing intense preparation for his back-to-back congressional hearings this week, with teams of advisers coaching him on how to appear contrite and deferential. But when he sits in front of the Senate Judiciary and Commerce committees on Tuesday, he doesn’t really need to worry about any of that. Heck, he doesn’t even need to put on a tie. Show up in a hoodie and urge Congress, unequivocally and without caveat, to adopt regulations mirroring a new European data and privacy law, and he can hop the next flight back to California.

The new European Union rules, which go into effect this month, are based on the premise that we all have a broad right to control data about ourselves. We should have a right to know what data companies have about us, how it will be used and with whom it will be shared. We should be able to take our information from one company and give it to another or to have it deleted altogether. Presenting users with massive, legalistic privacy policies that cover myriad situations won’t cut it. Users will have to be given clear and specific yes/no questions about whether they consent to share their data, and companies will be required to report breaches within 72 hours. There are and have to be some obvious exceptions to the rules related to public and historic records and journalism, but in the wake of the Cambridge Analytica scandal, Facebook and companies like it need to follow rules that protect their customers, not business models that treat them as exploitable commodities.

The fact that Cambridge Analytica is connected to Steve Bannon and the Trump campaign is not really the shocking part of this story. It’s that what the firm did — luring users into downloading apps that enabled it to scrape data from millions of those people’s online friends — was the norm. Facebook officials now say that most of its 2.2 billion users had their data scraped by third-party apps at some point. The company says it has closed loopholes that allowed that to happen, but the fact that it did in the first place is the logical extension of its strategy to put Facebook’s growth, reach and ubiquity ahead of all other considerations. Europe isn’t going to allow the company to get away with that anymore, and neither should the U.S.

Mr. Zuckerberg has kinda sorta promised those kinds of protections for people outside the EU, saying that some form of the European policy standard will be available globally. But he has dodged questions about what, exactly, that means.

Fortunately, getting tough on Facebook appears to be one of the few things Republicans and Democrats in Congress can agree on. Sen. John Kennedy, a Louisiana Republican, said on Sunday that he sees Facebook’s problems as potentially being too large for the company to fix, suggesting that government regulation may be necessary. No kidding; we’re way beyond the point of believing that Facebook can operate by the honor system. The EU rules allow for fines of up to 4 percent of a company’s revenue for violations, which in Facebook’s case would be about $1.6 billion. The United States needs the same kind of regulatory muscle, and Congress needs to act fast to provide it before the next Facebook scandal erupts.

Become a subscriber today to support editorial writing like this. Start getting full access to our signature journalism for just 99 cents for the first four weeks.

Copyright © 2018, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad