Need Legal Help? Call Now!
Business Legal News

Attorneys Matt Staub and Nasir Pasha examine Mark Zuckerberg's congressional hearings about the state of Facebook. The two also discuss Cambridge Analytica and the series of events that led to the congressional hearings, the former and current versions of Facebook's Terms of Service, and how businesses should be handling data privacy.


NASIR: Welcome to our podcast!

My name is Nasir Pasha.

MATT: And I’m Matt Staub. We’re two attorneys with Pasha Law, practicing in California, Texas, New York, and Illinois.

NASIR: And this is where we cover business in the news with our legal twist.

Today, we’re covering – well, I mean, this has been a pretty big news week when it came to terms of service. I think, Matt, you put it well. What did you say to me? This was like the… I’ve just got to pull that message up.

MATT: Yeah, I’m trying to think. It was something along the effects of “this is the most riveting terms of service discussion I’ve ever seen” or something.

NASIR: And it was!

What he was referring to, of course, was Mark Zuckerberg appeared before both the Senate and the House. I can’t remember which committee. He basically put himself in front of congressmen to ask him a bunch of questions.

I’m sure everyone heard about it. There was a lot of interesting angles that everyone kind of took. You know, people were really focusing on how the congressmen didn’t know what Facebook was really and it was shown by how they asked the questions and so forth.

I think, for our purposes, we’re really focusing on this privacy policy, the terms of service, and how that relates to actual businesses that also run online businesses – whether it’s a social media site or something else.

MATT: Right. I mean, any online site should have terms of service and a privacy policy, too. They’re required to in some states. But, yeah, terms of service can make or break a lot of online companies and I don’t have any numbers. They probably don’t even exist, but I’m very curious on what percentage of companies even put a lot of thought into their terms of service.

Real quick, let’s rewind or let’s explain how we got here and how Facebook got here.

Basically, this is an issue with how Facebook handles personal data of users. What happened was Facebook – I’m sure many listeners have heard – Facebook allowed a third-party developer to access the data of roughly 87 million people, then they turned around and sold it to Cambridge Analytica, a voter profiling company. It then was used by the Trump party and presumably winning the 2016 election. I think that aspect of it is what have gotten people really upset about this. Obviously, they’d be upset otherwise, but that last component of it with the Trump presumably winning the election because of this company collecting the data or getting access to the data, I think that’s a big reason why this is such a hot topic right now.

NASIR: Yeah, I would assume, if the results were a little bit different – who knows? Perhaps there may have been a little bit of a different pushback.

You summed it up pretty well, and I think that’s how everyone is kind of presenting it, too. But I really feel it’s not a fair characterization of what exactly happened.

MATT: I think one critical piece – specifically to Zuckerberg being there – was he wasn’t subpoenaed to be there.

NASIR: Yeah, it was voluntary.

MATT: I believe he wasn’t under oath either. He could leave. I mean, he was there for how many hours? It was over two days, right? Was it ten hours total or something? But he could leave any time he wanted, and I think this is more of a PR thing for Facebook more than anything else because there’s no legal requirement for him to be there and say these things.

NASIR: I wouldn’t be surprised if he didn’t voluntarily go. He may have been compelled to go.

Everyone saw this was kind of a lot of pressure for him to do something. The question was asked, “Are you going to testify?” And so, it made sense for him to voluntarily do this.

I found these dates. I think this is important.

Back in 2010, Facebook launches what they call Open Graph. Now, most of you guys probably have never heard of that unless you’re in social media marketing or you’re in the developments of Facebook apps or related apps. It was at this point where Facebook actually made available to third-party apps with permission of the users on a per app basis.

Basically, if you sign up with one of these third-party apps, things like your username, your gender, location, et cetera would be shared with that app. By the way, even political preferences. And so, you could see how some apps would actually be a utility because, for example, someone would build an app like “Are you to the right or the left?” and they would ask you a bunch of survey questions to tell you which candidate you’re most familiar with. You’ve seen those kinds of things online. Or it’ll be even stupider than that. I’m trying to think of something silly. “Which Office character are you most like?”

MATT: We were thinking the exact same thing there.

NASIR: Okay. That’s a little sad, but that’s okay.

That happened in 2010. But, as users and people started to realize what kind of information that is being exposed, in 2014, they changed the rules a little bit, specifically to address an issue where basically your friends that you’re friends with on Facebook, their data is not accessed by third-party apps just because you signed up on them, and that was in 2014.

This is what I think is crazy. A third-party app ran by Cambridge was called This is Your Digital Life. I vaguely remember it. I can’t remember exactly what it did, but what it did do though is ask a bunch of questions. It did expose your data and almost 300,000 users actually paid to get the psychological test. You take 300,000 users and multiply that by their friends, you can get an idea of how much data they were actually able to access.

Apparently, when these rule changes in 2014 occurred, they didn’t retroactively apply and so forth. And so, again, even though precisely everything that Matt said and how people are describing what happened is accurate, it is I think important to understand that some of the information was just voluntarily provided. I guess the question is, “Is it fair to allow people to remain naïve that their information is going to be shared?” and “Who bears the risk of that?” I think that’s the real conversation that’s going on.

MATT: Right, and I think I’m in the minority on my opinion on this, and it may be just because we draft the stuff all the time and just see and maybe think differently or the way I approach it is different because, you know, let me say a couple of things here. I think Zuckerberg even mentioned this. Pretty much no one reads the terms of services. I think that’s a given – not even just on Facebook, but just in general – like, any terms of service.

NASIR: Even lawyers don’t. You know, it’s a joke. Like, “No one reads it except lawyers do.” I don’t think lawyers do either – except maybe if you’re drafting them.

MATT: Yeah. I mean, really, unless I’m drafting it or reviewing it, I think that’s pretty accurate from my perspective.

No one’s reading these things and it is just kind of implied that stuff’s going to be in there and you might not agree to it but you’re just going to go along with it. But my whole thing is, if you don’t like it, then just don’t use it. If you don’t like what Facebook is doing, you can just leave Facebook. I mean, it’s not like it’s providing that much utility for a lot of people. I mean, maybe it is, but that’s one way I see it.

On the flipside, the way Facebook went about it, whether it was legal or not, I mean, the ethical side of things I think is a little bit questionable. Some of the items that were discussed at the hearing when Zuckerberg was asked questions I think addressed that, and we can get into that piece later. But, yeah, that’s just kind of where I stand. I’m a little bit on both sides of the fence, but I’m leaning more towards, at the end of the day, the users are the ones that are providing the information and agreeing to continue to be on Facebook. But it’s not that easy.

NASIR: Yeah, I know. I am, of course, in agreement and probably also in the minority. Or not.

I’m sure that a lot of people also understand. Again, I’m sure there’s a big segment that don’t or did not. Maybe after today they do.

Understand that when you’re on any kind of social media site or anything online, there’s some assumption that whatever information you’re showing them or providing to them is stored and they know that about you.

What I think is that sometimes the challenge is people don’t realize how much little tidbits of information can expose so much of your privacy in the sense that people don’t realize that the time of day and the website that you visit and what you search for or what you click on or who your friends are, all these things are data points that really build a profile of yourself that may or may not be what you want other people to know about. I think that’s what’s a little scary for people which is understandable.

MATT: I should say too that I believe there’s also instances of Facebook sharing personal information when people are not giving permission, or they weren’t supposed to. Obviously, if that’s the case, it’s clear cut that I don’t agree with that, but I’m just talking more the general, if you agree to sign up for some – well, I was going to use the example of Instagram, but I believe they’re owned by Facebook, so maybe that’s not the best example – and who else?

NASIR: WhatsApp.

MATT: Yeah.

NASIR: A senator asked an important question. I think was a senator who asked the important question of whether or not Facebook uses the messages between users on WhatsApp to actually generate advertisements. I think that would be concerning. Zuckerberg specifically said that’s not the case, and that those messages are encrypted. And so, there is some kind of separation. I remember when Facebook bought WhatsApp. That was a major concern by the public.

One more thing about the hearing is you mentioned people can leave Facebook and that’s true. That’s why I don’t think the congressmen did a very good job in pinpointing some of the actual real legal issues because I think one of the issues that people have been kind of pushing for – and I don’t necessarily agree with it – is, “Should we treat Facebook as a utility?” I think Ted Cruz did ask about a monopoly, but I think that’s a little bit different, but to the extent that it needs to be regulated because of basically the necessity that it has.

It’s not like cable TV. It’s not like power. It’s not like water. You can withdraw from it. Those that are addicted to Facebook, you know, there is a way. Trust me.

MATT: The monopoly question was interesting. I saw that as well. Zuckerberg was asked if he thought Facebook was a monopoly. I believe he said, “It sure doesn’t seem that way or feel that way.” I know some people disagree with that, but you know, monopoly of what? If it’s social media, obviously, no. I mean, there’s other avenues.

At the end of the day, I know some of it is business pages and public figure pages and things like that, but the majority of users are just normal people having their own personal page. I mean, at the end of the day, that’s what it boils down to. It’s a way to communicate with people and post photos, I suppose, and other things like that. Is it a monopoly? I don’t see it.

NASIR: It seems like a stretch.

Most people have Facebook and a different account. It’s not as if everyone just has Facebook. Of course, Facebook is not the same as Twitter and it’s not the same as Instagram. I think, the older you get, the more you like to group everything together, but there are some substantial differences – whether it’s the community or how you present data – it’s a substantial impact.

MATT: This isn’t

NASIR: That’s our second Office reference. I think we have to stop now.
Let’s get to some of the legal aspects of this.

What I find interesting about this topic is that terms of service and a privacy policy is a site’s opportunity to create their own world. There is not a lot of regulation when it comes to what you can and can’t do within your terms of service and privacy policy. I mean, within a normal degree of rational thinking as to what you can include in there. There’s obviously some things that are pretty clear like when you’re collecting information from children under the age of 13, then it’s a whole different issue. Or whether or not you have to disclose certain things like if you’re selling data and so forth.

But what’s crazy about this with Facebook and so forth is you can create your own world – which Facebook has done – and set your own rules. If you do not want, like, in Facebook’s instance, if you don’t want hate speech on your site, if you don’t want nudity or other explicit material on your site, you can do that. If you want to do the opposite and allow hate speech and these kinds of things, you can do that, too. It’s kind of a crazy world.

And so, that’s kind of the question going on. Should they be self-regulating and so forth? Obviously, if they had a social media site that had this explicit material, for example, or allowed people to post and basically harass people online and things of that nature, it wouldn’t be a welcoming environment for users to go to anyway and it’s not a profitable business.

And so, I think that’s kind of Zuckerberg’s perspective when he kind of pushed back on some of the questions last week.

MATT: Yeah, they were hitting him pretty hard on the regulation. I mean, like you said, they’re basically self-regulated right now. I think the one question in particular that he was dealing with a different policy for 16 and under or under 16 or something like that.

NASIR: Yeah, they wanted to do a privacy policy that’s different or some kind of codified policy that protected minors under the age of 16 which I’m not sure why that age and why not 18?

MATT: Why not 13? Why not 18? 16 just seemed like a random age.

Like you were saying, this is the opportunity for the business, the website to set the terms. The way to think of it is a contract. And so, what you have in the terms of service and the privacy policy, those are the terms and, as the website you have to follow them. I mean, I don’t want to make it sound that simple, but it really is. And so, that’s why I think a lot of people had problems with Facebook’s previous policy. We’ll get into the new terms they just created as of a week or two ago. But, in the old version, this was pulled from the hearing…

“Lindsey Graham held up a stack of papers, the Facebook terms of service and, after reading some excerpt from it said, ‘I’m a lawyer and I have no idea what that means. Do you think the average consumer understands what they’re signing up for?’” That’s fair. I think I was touching on that earlier. You know, no one’s going to read this, but even if they do, a lot of people don’t even understand it. Apparently, even the senator.

NASIR: By the way, Ted Cruz is an experienced lawmaker and lawyer.

MATT: This is Lindsey Graham.

NASIR: Oh, okay. Same thing, actually.

MATT: Yeah, John Kennedy said, “Your user agreement sucks!” You know, it’s this very comprehensive thing that any user would have to come through.

Like I said, even just to get through it is going to take time. To fully understand what they’re saying, I mean, anyone that’s read these things, you know, people are going to give up on it pretty quick. That’s just the nature of it. I think that’s the big issue that a lot of people had. It’s hard to decipher what was in here.

Facebook’s stance was, “Anyone that wants to read the terms of service, go ahead.” I think Zuckerberg said – I’m trying to remember the first line they had in there, but it was something of – “the information we choose to collect…” but something in the beginning was like, “We choose to collect this information, don’t choose to collect this. If you don’t like it, you can leave the site.” Something to that effect.

Again, it’s definitely not that simple if you go through it and read the actual terms of service.

NASIR: Yeah, absolutely.

Interesting, when you say don’t understand, it is interesting because there is a push among some sites that try to present their terms of service in the most easily readable fashion. If they don’t do that, what they do is they write up a summary for it.

In fact, there’s actually a site, in case you guys are interested in this stuff, it’s called and it stands for Terms of Service Didn’t Read. It’s an interesting site because they basically say, “I have read and agreed to the terms is the biggest lie on the web. We aim to fix that.” What they do is they give different classes and grades to terms of service. They also try to summarize some of the salient terms for you. They have plug-ins and things like that.

I’m not trying to promote them. I don’t know if they’re a for-profit or not. But the point is that there are tools that do this. Frankly, these are things that should be done anyway.

When lawyers draft contracts in a convoluted way, a complex way – and we’ve talked about this, many times in the past – oftentimes, attorneys do this frankly to make it more complex than it needs to be. You know, we’re trying to create jobs for ourselves.

Also, sometimes, it’s used as a tool to hide certain terms. Just to be frank, that’s just what it is. If you had a term that you don’t want to focus on, you bury it in the agreement. Frankly, attorneys, we do that all the time. And so, the more complex you’re making it, then you’re basically giving into that culture. If you want to perhaps consider a different culture for your website, it might be something to think about.

MATT: Yeah, and you’re exactly right. I was going to say that as well. You know, oftentimes, you have these very convoluted, complex terms of service, there’s a reason that’s the case. Usually – and I don’t have any data to back this up, but I would speculate that – a lot of times, there’s something that they are trying to hide in there, one way or another. Maybe it’s something not that egregious or maybe it’s something that people, if users actually knew about, would really affect their decision to continue to use the site. Again, going back to what Facebook was saying, “It’s all there. You should read it.” I think that’s one of the things that Zuckerberg got grilled for.

You have to think that this is the average person using this and reading it. That has to be factored in. This isn’t even like a business sophistication. This is literally everyday users from children to seniors to all different countries. It’s definitely not as easy as you wanted to see in here.

NASIR: I actually like the idea of implementing laws for sites. I don’t think every site should do this because I think it would be too prohibitive. But, if you have a site of a certain size – whether it’s social media or otherwise – and you are collecting private data up to a certain number, then I do think that you can require your terms of service to be written in plain English and make that a requirement. They already have that, and this is a little bit in the weeds here, but if you have a health insurance plan with your employer, the actual plan benefit terms have to be written in a way that the average plan participant can understand the language, and that’s an actual law under ERISA that’s required. And so, that kind of requirement to terms of services, you know, it’s still easy to just implement that and it’s not that hard to actually present that from an attorney’s perspective to actually revise your agreement to actually be understood.

MATT: Exactly.

Real quick, we’ll go back to what Facebook did here. Like I mentioned before, they actually revised their terms of service. I believe it had been over three years since the last time they revised it and I didn’t obviously go through and compare piece by piece, but some of the things that stuck out.

The data policy has some more details. It explains a couple more things such as, in the previous version, I do not believe mentioned Instagram at all. The new one has in excess of 30 mentions of Instagram which I think you mentioned this a little bit before. Is there any connection between the two?

NASIR: Probably, yeah, it makes sense.

MATT: Now, it’s mentioned over 30 times.

Let’s see. Actually, it says, “…including the fact that Facebook might use your Instagram activity, i.e. who you follow, to recommend stuff to you on Facebook, i.e. groups you should join.”

NASIR: I was going to say that’s probably more transparent than a lot of these other guys.

MATT: For sure.

NASIR: You know, you have a site that actually sells your data to these marketing networks.

You know, everyone’s experienced this anecdotally but, if you search on Amazon or on another shopping site, “engagement rings,” you will be seeing engagement rings everywhere – on every site. It’s because all of a sudden you get tapped into a specific ad network that has ads across multiple websites, then that’s how your data is being shared. And so, you know, the fact that they’re disclosing that is probably, again, more transparent than a lot of these other sites do.

MATT: Yeah, and I don’t want to bore the listeners here, but just another one in here.

NASIR: I’m listening. I’ll let you know if I’m bored.

MATT: The new policy says that Facebook can collect contact information if you choose to upload, synch, or import it – we’re talking an address book, we’re talking a call log, we’re talking an SMS text log. The old version didn’t mention that.

Basically, what they’re saying is, “We’re not asking for new rights to collect, use, or share your data on Facebook. We’re also not changing any of the privacy choices you’ve made in the past.” I think they’re just trying to, like you said, be a little bit more transparent about how they’re going about this as opposed to how it was over three years ago when it was last updated and why Zuckerberg was in front of Congress this past week.

NASIR: Yeah, and keep in mind when it comes to the privacy policy, when you guys are drafting your own or having your council do it, of course, again, just going back to the top of the show, you don’t have a lot of restrictions in the sense that, if you want to say that you’re going to collect all the data and sell it, then you can do that.

Now, whether or not people push back, especially if you have so many eyes on you like Facebook does, and I think that’s what happened. I mean, I remember this discussion of privacy policy in terms of service where Facebook has been a long discussion. I mean, let’s just cut to the chase. I mean, Facebook is probably the first company to be under such scrutiny because you don’t have the same data collection from Amazon. Well, you do now, but the same kind of sensitivity. You’re not uploading personal pictures of your children on Amazon. Even with Google – you know, the Google searches are very personal, but Facebook is something completely different. Because of that, it has gone through many, I remember every time Facebook would change their privacy policy, it would be heavily scrutinized, and everyone would be posting about it and talking about it.

But the reality is they were adjusting to being actually more specific and covering themselves because, in the early stages, they made it very general. It was like, “We’re going to basically take your data and do whatever we want with it.” It became what it is now – to be a lot more subtle, to draw their own lines what they will or will not do based upon the feedback they’ve received from users.

MATT: What do you think? Do you think we’re going to see some sort of regulation? You mentioned a little bit earlier, you wouldn’t mind seeing something.

NASIR: Yeah. Again, I haven’t given my personal assessment, so I’m just kind of regurgitating what other people have said – like, most people, frankly. From what I’ve heard, people are receiving the Facebook or Zuckerberg’s testimony well. Some evidence of that is that, the next day, Facebook stock is still up.

MATT: It went up, yeah.

NASIR: It increased, right?

MATT: Yeah.

NASIR: Whether that continues or not, we’ll see. That gives some indicator of what the market thinks. I feel like, if there was some kind of fear of regulation that the market would not have reacted that way. Second, I don’t think that there is a desire to do that. People care about data being sold, but I do feel that, at the end of the day, people are going to be self-aware and responsible for themselves. Forget about self-regulating. They’ll be responsible. “If I’m going to be participating on an online form and sharing this data, I’m going to have to change my expectations of what’s going to remain private.” As sophisticated users in the past – and you and I just talked about how we’re lawyers, we have maybe a little bit better understanding of what these terms of service do – we still participate in social media and we know that these guys know quite a bit about us, but maybe we don’t care. Maybe we have a better idea of what that actually means.

MATT: Well, I challenge you on that because I don’t know if you even knew about this, but I recently did this. You can request to download all of your data from Facebook which I did.

NASIR: Was it scary?

MATT: It could definitely be scary. I’ve never been an incredibly active user of Facebook. You’re probably like me in that we were early adopters of Facebook just because, at the beginning, it was only certain people could access it to begin with.

Our data goes back all the way – I think it was about 2006. I’m trying to remember. It was something around there. But I was going back, and I downloaded the data. It emailed it to me. I requested it and they emailed it to me. I downloaded it. I was scrolling through and it has everything that I’ve done or that someone’s posted on my wall or something for the entire time that I’ve been on Facebook – over ten years of data that they sent to me.

I think the scary part is probably the one where it tells you what ads or what advertising groups were targeting you and companies and things like that. I don’t know.

NASIR: That would be interesting.

MATT: You should try it and see what comes up.

NASIR: How do you do that?

MATT: Let’s see.

I think it’s pretty simple. I think you just go to the top right where it says Settings. At the bottom, there’s a couple of options, and one of them says Download Your Data. You hit that. Like I said, they’ll email you when it’s done and then you download it.

NASIR: I think I just accidentally forwarded it to Russia. Oops!

MATT: Can we talk one funny thing? Well, there’s a couple of funny things, but the thing I found funniest about the hearing was he had all these canned answers to questions and he had this two-page book or two pages of notes that he had. They were talking about data privacy and then he gets up and just leaves it wide open. Somebody took a photo of it. It got all of his canned answers on there. It was nothing too crazy, but it was just funny how the whole hearing is about privacy. It’s the equivalent of leaving your Facebook page open when you’re in college and your roommates come in and just mess with it which happened many times – both to me and by me. That’s basically what we had here with Zuckerberg at the Congressional hearing.

NASIR: That’s funny.

Well, I think the second thing which you were going to mention was the booster seat, right?

MATT: Yeah.

NASIR: That was pretty funny.

MATT: Yeah, how tall is he?

NASIR: I don’t know, but he’s not short enough to actually need that.

MATT: Yeah, I didn’t really get it.

NASIR: I guess the first day he had a booster seat in front of the Senate. In front of the House, he didn’t have it for whatever reason – possibly because of all the internet memes that went out that same day on Facebook.

MATT: It was very robotic.

NASIR: Even in my office, I was in the kitchen and people were watching, ironically, the hearings on Facebook. I thought that was funny.

MATT: Yeah, it’s certainly interesting. Like you said, his net worth went up because stock went up. I guess it was a win for now. Like I said, we’ll have to see how this plays out. Obviously, this is not finalized by any means. But, from a business owner’s perspective, I think the message is pretty clear that – again, we’ve said this 50 times – whatever you have in your terms of service or your privacy policy, you just have to follow those guidelines. You set the terms.

Let’s see one of his canned answers. “We set the terms and you control what you provide to us.” That’s basically how it is from a business owner’s perspective. You set the terms. Just follow it. If a user doesn’t want you to share their data, they’ll let you know, and you have to follow that.

NASIR: That’s really the danger of using canned terms of service, too. Business owners tend, you know, to cut it short, they copy and paste and so forth. It may or may not be a good fit for you. They really don’t spend time thinking about the actual business terms that you want to consider. This is whether you’re selling products or services online or you have some kind of online review site or have a social media community.

Really, you need to sit down and think about – or a subscription box, that’s a common client of ours, a subscription box business – you know, how to deal with returns, how to deal with customer complaints, whether or not you’re going to actually save any kind of data, for example, of even prospective users – whether you’re going to be able to email them newsletters, et cetera. These are all things that can be easily addressed in your terms of service.

MATT: Exactly. I can’t emphasize that enough.

NASIR: Very good.

I’m trying to download my Facebook data. If I get it, I’ll forward it to you.

MATT: It’s very riveting. Like I said, the ad stuff, I didn’t really care about. I didn’t go through detail.

NASIR: Really? I think that’s the only thing I’m really fascinated by.

MATT: More so, I saw everything that people had posted on my wall and I go back seeing stuff. I was sending it to some of my friends. It’s basically almost reminiscing. We can just remember exactly what the circumstances were that one of us posted something like that. I don’t know. It’s pretty entertaining, for sure. Probably the most use of Facebook I’ve had in I don’t even know how long.

NASIR: Very good.

Okay. I think that’s our episode for today.

Thanks for joining us all!

MATT: Keep it sound and keep it smart!


Protect your business with an on demand legal team

Learn More About General Counsel Select

Legally Sound | Smart Business covers the top business stories with a legal twist. Hosted by attorneys Nasir N. Pasha and Matt Staub of Pasha Law, Legally Sound | Smart Business is a podcast geared towards small business owners.

Listen to our Podcast!

Legally Sound
Smart Business
A podcast covering business in the news with a legal twist by Pasha Law PC
Legally Sound Smart Business Logo
Pasha Law Microphone
Pasha Law Microphone