Facebook and regulators seems like they can’t get enough of each other. Facebook has been dealing with a lot of regulatory pressure due to the continued scandals, leaks, etc. And recently Facebook CEO, Mark Zuckerberg, received a letter from the Senate banking committee requesting details of Facebook’s upcoming cryptocurrency payment system. All of this started after a Washington Post article revealed that Facebook is working on the project.
The Senate banking committee’s obsession with payment gateways and privacy concerns started after the Equifax hacks and data leak. Until then, this was the sphere of least interest. “In the year and a half since the Equifax breach, the country has learned that financial and technology companies are collecting huge stockpiles of sensitive personal data, but fail over and over to protect Americans’ privacy. Outdated privacy laws don’t address the complex surveillance schemes these businesses profit from today,” said Brown, a member of the Senate banking committee. Given the exponential growth and use of data, and the corresponding data breaches the government should especially be worried about what data is contained in modern consumer reports, how the information is gathered, who compiles it, how it is protected, how consumers can access it and correct it, and how privacy is respected.
The letter was basically a set of seven question, to which the committee was seeking answer from the CEO of Facebook.
- How would this new cryptocurrency based payment system work and how has the company consulted with financial regulators to ensure compliance with legal and regulatory requirement?
- What are the privacy and consumer protection user will have under the new payment system?
- What are the consumer financial information Facebook has received from financial companies?
- How are the consumer financial information stored, how is the data being used and how does Facebook safeguard the information?
- Does Facebook share or sell any consumer information(or information derived from consumer information) with unaffiliated third parties?
- Does Facebook have any information bearing on an individual’s (or group of individuals’) creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living that is used (either by Facebook or an unaffiliated third party) to establish eligibility for, or marketing of a product or service related to, (1) credit, (2) insurance, (3) employment, or (4) housing?
- How does Facebook ensure that information being on an individual’s (or group of individuals’) creditworthiness, credit standing, credit capacity, character, general reputation, and/or personal characteristics is not used in violation of the Fair Credit Reporting Act?
The committee aims to achieve the following goals after such inquiries and consultations.
- What could be done through legislation, regulation, or by implementing best practices that would give consumers more control over and enhance the protection of consumer financial data, and ensure that consumers are notified of breaches in a timely and consistent manner?
- What could be done through legislation, regulation, or by implementing best practices to ensure that financial regulators and private financial companies (including third-parties that share information with financial regulators and private financial companies) to provide adequate disclosure to citizens and consumers about the information that is being collected about them and for what purposes?
- What could be done through legislation, regulation, or by implementing best practices to give citizens and consumers control over how financial regulators and private financial companies (including third-parties that share information with financial regulators and private financial companies) use consumer data?
- What could be done through legislation, regulation, or by implementing best practices by credit bureaus to protect consumer data and to make sure that information contained in a credit file is accurate?
- What could be done through legislation, regulation, or by implementing best practices so a consumer can easily identify and exercise control of data that is being (a) collected and shared by data brokers and other firms and (b) used as a factor in establishing a consumer’s eligibility for credit, insurance, employment, or other purposes?
All of this started after a Washington Post article. It should be kept in mind that the company has not even officially confirmed the project. Internet tech giants have a lot of projects they try out, many of them outlandishly infeasible but nevertheless only a few make it to real-world application. A company like Facebook will never go into releasing a product without required regulatory approval. This goes to show the level of paranoia that US regulators have when it comes to dealing with crypto. They should have at least let Facebook make a formal submission for regulatory approval before asking such questions. The planning is still still on the drawing board and the product might end up being totally different when it gets released. This a clear overstepping of jurisdiction, the request doesn’t even mention under what law or statute is the request being made, put simply we have no idea how such a request can be made to a company in such a manner. How the committee has jurisdiction in this matter other than the sharing of information with financial companies is unclear.