Facebook’s Sheryl Sandberg On Data Privacy Fail: ‘We Were Way Too Idealistic’

After weeks of remaining conspicuously out of sight, Facebook Chief Operating Officer Sheryl Sandberg told NPR's Steve Inskeep that she doesn't know if companies other than Cambridge Analytica exploited users' private data without their consent.

"We don't know," she said, leaning into a black leather swivel chair at the company's headquarters in Menlo Park, Calif., on Thursday.

Sandberg said Facebook has launched an investigation and audit to determine whether user information has been compromised by other firms.

"As we find those, we're going to notify people," she said.

The interview with NPR is part of an intense damage control tour the company has undertaken to respond to users, politicians and regulators who are outraged to learn that for years, Facebook had left people's personal information open for mining by third-party app developers.

Chief Executive Officer Mark Zuckerberg is scheduled to testify at congressional hearings next Tuesday and Wednesday.

Sandberg outlined some of the steps the company is taking to repair the damage: On Monday, Facebook will begin notifying the 87 million users whose information may have been compromised and given to Cambridge Analytica, a data mining firm used by the Trump campaign.

But, she said, the company will not be making the same kind of individual outreach to the some 126 million Facebook users who were exposed to Russian disinformation, including through the use of pages and accounts linked to a "troll factory."

"We really believed in social experiences. We really believed in protecting privacy. But we were way too idealistic. We did not think enough about the abuse cases," she said.

Facebook, the world's largest social media company, is in the middle of a reputational crisis and faces questions from lawmakers and regulatory agencies after the political research firm Cambridge Analytica collected information on as many as 87 million people without their permission. Previous estimates had put the number of users affected at 50 million.

Now the company, which has lost about $100 billion in stock value since February, is reviewing its data policies — and changing some of them — to find better methods of protecting user data.

And its leaders are apologizing.

"We know that we did not do enough to protect people's data," Sandberg said. "I'm really sorry for that. Mark [Zuckerberg] is really sorry for that, and what we're doing now is taking really firm action."

The Federal Trade Commission is looking into whether Facebook violated a 2011 consent decree by allowing third parties to have unrestricted access to user data without users' permission and contrary to user preferences and expectations.

The penalties for violating the order would be devastating, even for Facebook. At $40,000 per violation, the total cost could theoretically run into the billions.

Sandberg contended that Facebook is and has been in compliance with the agreement for years. She also said the company has been in constant contact with the FTC. But with regard to the steps Facebook has so far taken to better protect people's privacy, Sandberg readily admitted these should have been done years ago.

Asked about any forthcoming governmental oversight, she insisted, "We're not even waiting for regulation."

Sandberg also touched on another contentious issue for Facebook: the role it will play in the upcoming elections and in the U.S. political system as a whole.

"We certainly know people want accurate information, not false news, on Facebook, and we take that really seriously," she said.

Looking ahead to the midterm elections and the 2020 presidential race, Sandberg said, "We want to make sure that there's no foreign interference." Facebook plans to prevent that by "taking very aggressive steps on ads transparency."

"I think what really matters is that we learn from what's happened. Security is an ongoing game," she said.

It is a game that will continue to challenge the company. "You build something; someone's going to try to get around it. This is going to keep happening," Sandberg said.

Sandberg has been criticized in recent weeks for her absence from the growing global debate about Facebook's failure to protect user privacy and what it must do to move forward.

Until now, Sandberg had contributed little to that conversation, taking several days after the Cambridge Analytica revelation to write a Facebook post explaining a few of the company's next steps. It piggybacked on a similar mea culpa from Zuckerberg.

A day later, in an interview with CNBC, she admitted Facebook had violated its users' trust.

Sandberg joined Facebook as second in command in 2008 and was then touted as the adult in the room who would help company co-founder Zuckerberg by bringing management expertise she had gained from six years at Google.

Her time at Facebook coincides with a period of tremendous growth at the company. The site now has about 2.2 billion users. She has been critical to Facebook's success in becoming a behemoth in advertising. The company makes almost all of its revenue and profit from ads, in large part because of the strategies implemented under Sandberg, especially as Facebook moved to mobile. As of 2015, one in five minutes spent in mobile apps was on Facebook.

And in that decade, Facebook's massive trove of user data has been used to help companies create highly targeted ads. That has made it a dominant force in digital advertising.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.