As Facebook CEO Zuckerberg Testifies to US Congress, Senators Introduce Privacy Bill of Rights

[Alpha1]

Tuesday, April 10, 2018

Washington (April 10, 2018) – With Facebook CEO Mark Zuckerberg testifying today in front of a joint hearing in the U.S. Senate, Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today introduced a privacy bill of rights to protect the personal information of American consumers. In the wake of the revelation that more than 87 million Facebook users’ private information was used by the firm Cambridge Analytica, a data analytics firm that worked with the Trump campaign during the 2016 election, the Senators introduced the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act, legislation that would require the Federal Trade Commission (FTC) to establish privacy protections for customers of online edge providers like Facebook and Google. In the last few years, Americans have suffered countless data privacy breaches impacting hundreds of millions of consumers.

“America deserves a privacy bill of rights that puts consumers, not corporations, in control of their personal, sensitive information,” said Senator Markey. “The avalanche of privacy violations by Facebook and other online companies has reached a critical threshold, and we need legislation that makes consent the law of the land. Voluntary standards are not enough; we need rules on the books that all online companies abide by that protect Americans and ensure accountability. I thank Senator Blumenthal for his partnership and look forward to working with my colleagues on a bipartisan basis to pass the long-overdue privacy bill of rights.”

“The startling consumer abuses by Facebook and other tech giants necessitate swift legislative action rather than overdue apologies and hand-wringing,” said Senator Blumenthal. “Our privacy bill of rights is built on a simple philosophy that will return autonomy to consumers: affirmative informed consent. Consumers deserve the opportunity to opt in to services that might mine and sell their data – not to find out their personal information has been exploited years later.”

A copy of the CONSENT Act can be found HERE.

Specifically, the CONSENT Act:

• Requires edge providers to obtain opt-in consent from users to use, share, or sell users’ personal information
• Requires edge providers to develop reasonable data security practices
• Requires edge providers to notify users about all collection, use, and sharing of users’ personal information
• Requires edge providers to notify users in the event of a breach
• Requirements are enforced by the FTC

Last month, Senators Markey and Blumenthal sent a letter to Facebook asking a series of questions regarding Facebook’s involvement in the collection of its users’ personal data and requesting that he testify on the matter before the Senate Committee on Commerce, Science, and Transportation.

https://www.markey.senate.gov/news/...d-blumenthal-introduce-privacy-bill-of-rights

 

[diadi]

Pretty scary these clueless old farts are making laws for things they simply don't understand.

....and where was all this concern for the consumer when the net neutrality stuff was going on?

 

[Maddox]

The bit I disliked about the interviews was when he said that users would be charged to use FB if the wanted total control over their privacy; I doubt that will sit well with people, but then if people start cutting off avenues of revenue someone will have to pick up the tab.

As for the Consent Act, it has been suggested that this is moving along similar lines as GDPR; welcome to the nightmare!

 

[we_are_borg]

GDPR is not a nightmare its a law that force people to think privacy first including how you design software, privacy always comes first. What is a nightmare is companies that have not acted when they should have, 2 years have past and only now there acting.

 

[PoetJC]

Specifically, the CONSENT Act:

• Requires edge providers to obtain opt-in consent from users to use, share, or sell users’ personal information
• Requires edge providers to develop reasonable data security practices
• Requires edge providers to notify users about all collection, use, and sharing of users’ personal information
• Requires edge providers to notify users in the event of a breach
• Requirements are enforced by the FTC

As Zuckerberg testified to though: most (if not all) of the requirements listed above have been implemented into their platform.
I mean - Even the forums I manage have implemented opt-in consent (upon registration) for basic data use, as well as having implemented reasonable data security practices, a list of all data collected and how it may be used... What it seems like the idiots in congress are trying to do is "act" as if they care, when really - the majority of them had no clue as to how FB and other social media platforms even work.

The breach of data ... Sure ... Users should have been notified immediately. But can we actually "BLAME" the social media providers, forum owners, etc... for the intentionally malicious theft of users data via hackers, script-kiddies and the like? I think that's what congress has aimed to do - but I don't think that's right at all. You cannot blame the woman who had her purse snatched or pockets invaded - you blame the thief.

IDK... Kinda confused as to what exactly congress is trying to do - other than to feign outrage as if they care. Meanwhile - no rush to implement common sense gun legislation? Yeah - kind of confused. And all I can think of is wow ==> Their priorities seem as messed up as mine were when I left highschool...

J.

 

[Maddox]

But can we actually "BLAME" the social media providers, forum owners, etc... for the intentionally malicious theft of users data via hackers, script-kiddies and the like?

YES! We can. In the instance of the current FB debacle it wasn't hackers or script kiddies, it was a legitimate (sic) company who scraped the data and the security employed (and scrutiny) of FB was left lacking. All SM have been running the internet as they saw fit with very little thought or effort to ensure that their users data was safe and their use of that data was legitimate. It's not JUST SM though, all big companies can be classed as useless when it comes to ensuring the safety of other people's data; we've had our fair share of this happening in the UK. But FB is global, it's bad enough when this happens in your own backyard, but globally it's a tragedy.

So YES most definitely we can blame these companies and they need to be brought to heel. I can't speak for your Congress as I have no dealings with them, but if they are anything like our own Parliament, then they are so far apart from the real world that they do knee jerk reactions to something that should be left to those in the know and let them be the panel that asks the questions and then guides them as to what should be done. They may be briefed, but that's not the same as 'knowing'. But we voted them in to look after our interests (at least here in the UK we did, as I say I know little or nothing about American politics) so they are the ones that have to be seen to be doing right by us.

Getting back to FB, I deleted my account long before this scandal occurred and would NEVER use SM again, because it's a fallacy to call it 'Social'.

 

[Maddox]

GDPR is not a nightmare its a law that force people to think privacy first including how you design software, privacy always comes first. What is a nightmare is companies that have not acted when they should have, 2 years have past and only now there acting.

I disagree with some of your first point - trying to work out how to comply with this new law is a 'nightmare', and not just for us forum owners. I have many clients who are spending time and money they can ill-afford attempting to work out what they 'have' to do and what they 'need' to do in order to comply. Just take a look at the questions being asked here on TAZ, on XF and IPS and there is still no clear answer to all those questions being asked, many suppositions and many contradictory answers, not to mention the various interpretations of what something actually means. Not only that, but as one question is, apparently answered, another pops up in reference to the one being answered and off we go again out in the not-so-happy-hunting-ground of legal jargon to see if the answer is there. Even clawing through the information on the ICO site is like a bad dream, only it's very real.

The second part I wholeheartedly agree with, companies that hold large amounts of data on people have been (I'm being kind when I say) lax and lacking in making sure that the data they have been entrusted with hasn't been looked after correctly. It's inexcusable when they have a serious data breach and it's discovered that the security they had in place was worse than what we use to protect our own individual computers; shame on them. But then we have to look on them with some modicum of pity because really they're just in it for the money and beyond those sights their vision dims, especially if they have to spend it on silly little things like security.

 

[PoetJC]

YES! We can. In the instance of the current FB debacle it wasn't hackers or script kiddies, it was a legitimate (sic) company who scraped the data and the security employed (and scrutiny) of FB was left lacking. All SM have been running the internet as they saw fit with very little thought or effort to ensure that their users data was safe and their use of that data was legitimate. It's not JUST SM though, all big companies can be classed as useless when it comes to ensuring the safety of other people's data; we've had our fair share of this happening in the UK. But FB is global, it's bad enough when this happens in your own backyard, but globally it's a tragedy.

So YES most definitely we can blame these companies and they need to be brought to heel. I can't speak for your Congress as I have no dealings with them, but if they are anything like our own Parliament, then they are so far apart from the real world that they do knee jerk reactions to something that should be left to those in the know and let them be the panel that asks the questions and then guides them as to what should be done. They may be briefed, but that's not the same as 'knowing'. But we voted them in to look after our interests (at least here in the UK we did, as I say I know little or nothing about American politics) so they are the ones that have to be seen to be doing right by us.

Getting back to FB, I deleted my account long before this scandal occurred and would NEVER use SM again, because it's a fallacy to call it 'Social'.

Hmmm. I can appreciate your sentiments. But I slightly disagree on principle:

You cannot blame the woman who had her purse snatched or pockets invaded - you blame the thief.

The misuse and really the scraping of data should be blamed on the person who found a loophole in which to abuse the system.
Again, as Zuckerberg testified to: they have implemented quite a bit of security precautions. He also admitted that there could have been more due diligence as for protecting folks' data.

It seems to me though, that other threads as regards this issue - that the entire blame is being put on the shoulders of Facebook and other social media sites, rather than the culprits who actually did the misdeeds! So I think there's an important distinction to be made. A piece I found particularly interesting:

Kennedy: "Are you willing to go back and work on giving me a greater right to erase my data?"

Zuckerberg: "Senator, you can already delete any of the data that's there or delete all of your data."

Kennedy: "Are you willing to expand my right to prohibit you from sharing my data?"

Zuckerberg: "Senator, again, I believe that you already have that control...."

Kennedy: "Are you willing to give me the right to take my data on Facebook and move it to another social media platform?"

Zuckerberg: "Senator, you can already do that...."

Clearly there should be additional precautions as for protecting data. But it's not like FB intentionally set out to sell your data. Well ... Persay anyway...
IDK.. As a fan of Facebook - I have a hard time understanding why blame the SM platform(s) for the misdeeds of others, when the platform has protections in place that were basically ran over and misused by intentionally malicious 3rd parties.

J.

 

[we_are_borg]

Granted the explanation of the law could have been simpler for normal people. But if they did that then bigger companies could have misused that by stating that it was written like that, laws are hard to read because a comma in the wrong place can alter the law. The GDPR was passed 2 years ago but companies like XF and IPS ‘never responded only to do so last moment. Now we get to a point that they need to implement design changes asap and we as customer have no idea if its correct what they’re doing. The biggest issue is that we the customer are responsible for our site if we do not comply with the law, you can’t say it’s their software and i am not to blame. This was done so that website owners could not shift blame. Developing from the standpoint of privacy first is easy the first rule is simple make sure you’re stuff is secure and everything is locked, multiple locked doors is good. Second do not collect data you do not need, so developers need to give us options. On my website for example what do i need to let people post and interact, well email address, name or allias and password, do i realy need country, date of birth and city. The less you collect the better the more you collect the higher the risk if something goes wrong.

 

[KimmiKat]

That's great you kicked it to the kerb. FB is not to be trusted, and it's sickening that some sites only allow logging in via FB, like Lyft and others. Or only using FB to book events.

Getting back to FB, I deleted my account long before this scandal occurred and would NEVER use SM again, because it's a fallacy to call it 'Social'.

 

[PoetJC]

Granted the explanation of the law could have been simpler for normal people. But if they did that then bigger companies could have misused that by stating that it was written like that, laws are hard to read because a comma in the wrong place can alter the law. The GDPR was passed 2 years ago but companies like XF and IPS ‘never responded only to do so last moment. Now we get to a point that they need to implement design changes asap and we as customer have no idea if its correct what they’re doing. The biggest issue is that we the customer are responsible for our site if we do not comply with the law, you can’t say it’s their software and i am not to blame. This was done so that website owners could not shift blame. Developing from the standpoint of privacy first is easy the first rule is simple make sure you’re stuff is secure and everything is locked, multiple locked doors is good. Second do not collect data you do not need, so developers need to give us options. On my website for example what do i need to let people post and interact, well email address, name or allias and password, do i realy need country, date of birth and city. The less you collect the better the more you collect the higher the risk if something goes wrong.

I think if you have clear and concise privacy policy & terms of service in place, policies which unambiguously define the precise data that is collected, and the use of said data - that you should be okay. It should be an opt-in during membership and not only an opt-in, but a contract FOR membership.

And yes - Although I agree that it would be nice to see developers implement such policies - it's really up to the site/forum owner, as each site would likely have a distinct policy tailored for their own webspace.

For instance - I *think* it was Paul M who shared some sort of sample privacy policies with one of his vBulletin add-ons. Don't quote me on that... But I did in-part add/revise the following statement when even on the vBulletin platform, as a means of *trying* to comply with the brouhaha (erm) legislation that is currently making headlines:

Usage tracking
[Forum name redacted] tracks user traffic patterns throughout all of our sites. However, we do not correlate this information with data about individual users. [Forum name redacted] does break down overall usage statistics according to a user's domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user's browser).

Use of Information
[Forum name redacted] uses any information voluntarily given by our users to enhance their experience in our network of sites, whether to provide interactive or personalized elements on the sites or to better prepare future content based on the interests of our users. As stated above, we use information that users voluntarily provide in order to send out electronic newsletters and to enable users to participate in polls, surveys, message boards, and forums. We send out newsletters to subscribers on a regular schedule (depending on the newsletter), and occasionally send out special editions when we think subscribers might be particularly interested in something we are doing. [Forum name redacted] never shares newsletter mailing lists with any third parties, including advertisers, sponsors or partners.

Sharing of Information
[Forum name redacted] uses the above-described information to tailor our content to suit your needs and help our advertisers better understand our audience's demographics. This is essential to keeping our service free. We will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.

Security
[Forum name redacted] operates secure data networks protected by industry standard firewall and password protection systems. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized individuals have access to the information provided by our customers and registered Members.

Your Consent
By using this site, you consent to the collection and use of this information by [forum name redacted]. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.

We collect the following information:

• Click-stream data
• HTTP protocol elements
• Search terms
• User's Name
• Computer information

At the user's option, we may also collect the following data:

• Birth Date
• Email Address
• Telephone
• Business Address

This data will be used for the following purposes:

• Completion and support of the current activity.
• Web site and system administration.
• To Provide a better service for our Members.

I think it's a piece of privacy policy that outlines your consent that your personal data might be used for advertising purposes, promotional purposes, and myriad of other purposes that inevitably are employed to better the community experience, as well as monetize a free space to share info.

J.

 

[Maddox]

A privacy policy is only one part and in fact it's probably the easiest part to implement, with some caveats as to the section regarding cookies. As for collecting user data, I believe wholeheartedly in collecting the minimum needed in which to provide the service you offer. If you want age restrictions, then you need DOB; but even that's a load of crap because you have no way of checking if it's correct. The same goes for any other data, how can you check it's correct (other than when a monetary transaction takes place)?

That isn't the full issue at all with regards to the GDPR - there are other more serious implications, such as what role do you play? Are you a data controller or data processor, or both? Whichever you are, you need to have in place mechanisms to ensure that the data you control and/or process is done so with due diligence. Even that is only part of the whole story; there's the more comprehensive issue of cookies. And this is where people are getting bogged down and finding answers are not easy to come by.

You cannot blame the woman who had her purse snatched or pockets invaded - you blame the thief.

PoetJC I disagree with this in part. It's akin to the person who leaves their front door unlocked and goes shopping and someone goes in and steals their belongings. Whose to blame? The one who steals or the one who left the door unlocked? I would say both, though perhaps not equally! That's the same as FB, they left the door unlocked and open, so in walks the bad guys and they take what they want. The idea is that yes, the thief is the ultimate bad guy, but did you do enough to stop the thief from doing the dirty deed in the first place?

we_are_borg I agree with you that the developers need to get on the ball and give us more comprehensive tools in which to mitigate the coming GDPR. But this is a typical situation of we always wait until the last minute and then it's a rush job. And then there is the deplorable attitude of waiting for something bad to happen before anything is done about it - it's almost always after the event; likened to closing the stable door after the horse has bolted.

 

[Yappi]

But it's not like FB intentionally set out to sell your data.

This couldn't be further from the truth. FB is ALL about selling your data. Why in the world would Facebook let a company have 300,000 downloads of an app which gave them access to 87 MILLION other accounts?

New Zealand: 10 people downloaded the app which gave Cambridge Analytica access to 64,000 accounts.
Australia: 53 downloads, 311,127 affected.

FB's bottom line is about collecting and selling user data.

 

[Maddox]

FB's bottom line is about collecting and selling user data.

And if you don't allow Facebook to scrape and use your data, you will have to pay to use FB as that will become an avenue of revenue recuperation for not allowing your data to be used for profit.

 

[we_are_borg]

And if you don't allow Facebook to scrape and use your data, you will have to pay to use FB as that will become an avenue of revenue recuperation for not allowing your data to be used for profit.

The moment people need to pay for facebook they will start thinking do i need this.

 

[PoetJC]

PoetJC I disagree with this in part. It's akin to the person who leaves their front door unlocked and goes shopping and someone goes in and steals their belongings. Whose to blame?

The goddamn thief is responsible. You have no business invading my private space whether my front door is unlocked or not.
Such a thought process seems to me the epitome of .... ridiculousness, for I remember a time when the front doors weren't locked and friendly neighbors (sometimes knocked on the door) came in to borrow a couple eggs and a cup of sugar for their after church, Sunday cake.
I cannot be responsible for a damn thief. To suggest such a thing is ridiculous.

This couldn't be further from the truth. FB is ALL about selling your data....
FB's bottom line is about collecting and selling user data.

I said "persay" as a caveat of sorts.
Again - it's a "free" platform for users to connect with friends and family and freaks at no cost. Of COURSE they're gonna need some way to monetize their efforts. That we're furious about that seems .... ridiculous.

And if you don't allow Facebook to scrape and use your data, you will have to pay to use FB as that will become an avenue of revenue recuperation for not allowing your data to be used for profit.

FAKE NEWS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
To spread such misinformation or even suggest it is ... ridiculous.
I cannot believe the amount of ridiculous commentary I've read & responded to (in kind) in this thread.
Scare tactics.... Why is everyone so goddamn afraid? WTH?! .... Anyway... I'm sure FB doesn't have any plans to make their platform a paid service. At least I hope not. Thanks for frightening me though.. And then there's this:

The moment people need to pay for facebook they will start thinking do i need this.

IDK if I'd necessarily pay for Facebook.
I pay for Netflix and Amazon Prime (which I hardly use) ... So ..... Yeah. People would definitely rethink their memberships if FB became a paid service.
But that's just it ... You're using FB as a free service basically. They've obviously got to monetize in some way.
I don't understand all the animus. Wow....

J.

 

[Maddox]

The goddamn thief is responsible. You have no business invading my private space whether my front door is unlocked or not.
Such a thought process seems to me the epitome of .... ridiculousness, for I remember a time when the front doors weren't locked and friendly neighbors (sometimes knocked on the door) came in to borrow a couple eggs and a cup of sugar for their after church, Sunday cake.
I cannot be responsible for a damn thief. To suggest such a thing is ridiculous.

We live in different times now and we have to take responsibility for our actions and whatever befalls us because of inactions. I agree completely that a thief has no business to invade your property and in a perfect world that would no doubt be the case, so we have to take responsibility to make it difficult (or impossible) for someone to invade your property. That's why insurance companies ask about your locks and other security measures - the more you have the less risk you are and so you save money and at the same time you make it really difficult for someone to steal from you. That's the way the world works now, gone are the days of leaving your doors open when communities were filled with decent, honest people who looked out for each other; it's dog eat dog now and it's a sad indictment to society that we have devolved in such a way. In this instance, about the thief entering your property, I believe most people would reply 'you brought it on yourself for not locking up', even though their sympathies may be with you. It's a two sided coin.

Again - it's a "free" platform for users to connect with friends and family and freaks at no cost. Of COURSE they're gonna need some way to monetize their efforts. That we're furious about that seems .... ridiculous.

I don't see anyone going off the rails about having to pay at the moment, but should that come then I imagine it would be a choice; you don't want me using your data or allowing others to scrape it and pay me for letting them do so, it's gonna cost you X to maintain absolute privacy. Such a business model and the size of FB cannot operate for free. So it will come down to a choice. Of course many people will be irked by the fact that they may have to pay for a service that was, to all intents and purposes, free but that's life.

FAKE NEWS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
To spread such misinformation or even suggest it is ... ridiculous.
I cannot believe the amount of ridiculous commentary I've read & responded to (in kind) in this thread.

That's not fake news at all - Zuckerberg said it would be so when he was being quizzed.

This is a direct quote from CNBC website:

There will always be a version of Facebook that users can access without paying, Facebook CEO Mark Zuckerberg said in congressional testimony on Tuesday. But his phrasing suggests the company has at least considered a paid version.

"Yes, there will always be a version of Facebook that is free," Zuckerberg said during a joint hearing of the U.S. Senate Judiciary and Commerce committees.

https://www.cnbc.com/2018/04/10/mar...ys-be-a-version-of-facebook-that-is-free.html

Watch the video!

I think you need to take a chill pill before going off on one you give the impression that you're going to explode lol - read between the lines and check facts before screaming FAKE NEWS!! and the like.

 

[Alpha1]

Here's a study on Facebook data authored by Alexander Kogan AKA Alexander Spectre (FFS) and 2 Facebook employees:
https://www.sciencedirect.com/science/article/pii/S0191886915004973?via=ihub
Flemming & Gronin are Facebook employees.

It seems that Facebook is up to its neck into this. It just hasn't come out yet. Probably because the old farts in congress have difficulty with the subject.

And what to think about billionaire Peter Thiel, who invested 1.25 million in trump, when he was Facebook board member and also chairman of Palantir? Palantir is a UK data analysis company serving governments and companies and has many links/interactions with Cambridge Analytica. Right after the election Thiel sold his Facebook stock and was named executive committee of Trumps transition team. I'm not sure what to think of that, and it may well be smoke without fire, but it seems to me that there is a lot that needs to be looked into.
Zuck dodged the question about Palantir: http://www.businessinsider.com/zuck...-palantirs-link-to-facebook-ca-scandal-2018-4
"Do you think Palantir ever scraped data from Facebook?" She asked. Zuckerberg, looked nonplussed and answered. "Senator, I'm not aware of that."

 

[Alpha1]

Better explanation here:

Palantir's links to Facebook

Most notable among these questions was Democrat senator Maria Cantwell's attempts at broadening the scope of the conversation beyond Cambridge Analytica's exploits by questioning Zuckerberg about Palantir – a firm that Facebook board member Peter Thiel co-founded and is now the chairman of.

Cantwell asked: "Do you think Palantir ever scraped data from Facebook?"

Zuckerberg, looking clearly uncomfortable, replied with a meek "Senator, I'm not aware of that".

At this, she went on to ask, "Do you know who Palantir is?"

Zuckerberg admitted that he did, after which she asked if Palantir worked with Cambridge Analytica. Yet again, the Facebook CEO tried to evade by saying he had no information on the subject.

The question about Palantir was one that many have been waiting to ask as the data mining company has been alleged to have direct links to embattled Cambridge Analytica. Last month, the New York Times reported that Palantir and the daughter of the former Google chairman Eric Schmidt had connections to Cambridge Analytica's attempt at scraping data of Facebook users.

https://www.dailyo.in/technology/fa...ir-russian-ads-hate-speech/story/1/23415.html

 

[mysiteguy]

The misuse and really the scraping of data should be blamed on the person who found a loophole in which to abuse the system.
Again, as Zuckerberg testified to: they have implemented quite a bit of security precautions. He also admitted that there could have been more due diligence as for protecting folks' data.

Back when the press was praising the Democrats for gathering far more data from Facebook than Cambridge Analytica did, Facebook was a party to it. It never became a big concern... until the other side of the aisle did the same.

https://www.nytimes.com/2013/06/23/magazine/the-obama-campaigns-digital-masterminds-cash-in.html

"Grisolano told me that the campaign literally knew every single wavering voter in the country that it needed to persuade to vote for Obama, by name, address, race, sex and income."

"Why not try sifting through self-described supporters’ Facebook pages in search of friends who might be on the campaign’s list of the most persuadable voters?"

"We ingested the entire U.S. social graph," Carol Davidsen, director of data integration and media analytics for Obama for America.

FB was complicit:
"The campaign’s exhaustive use of Facebook triggered the site’s internal safeguards. “It was more like we blew through an alarm that their engineers hadn’t planned for or knew about,” said St. Clair, who had been working at a small firm in Chicago and joined the campaign at the suggestion of a friend. “They’d sigh and say, ‘You can do this as long as you stop doing it on Nov. 7.’ ”

“They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side,” Davidsen tweeted ( )

It seems to me though, that other threads as regards this issue - that the entire blame is being put on the shoulders of Facebook and other social media sites, rather than the culprits who actually did the misdeeds! So I think there's an important distinction to be made. A piece I found particularly interesting:

Such as the Democratic Party?

Clearly there should be additional precautions as for protecting data. But it's not like FB intentionally set out to sell your data.

They intentionally let one party break their own rules.

Well ... Persay anyway...
IDK.. As a fan of Facebook - I have a hard time understanding why blame the SM platform(s) for the misdeeds of others, when the platform has protections in place that were basically ran over and misused by intentionally malicious 3rd parties.

Yup, they were malicious.