Skip to main content

Read Mark Zuckerberg’s notes from today’s Facebook privacy Senate hearing

Read Mark Zuckerberg’s notes from today’s Facebook privacy Senate hearing


‘(Don’t say we already do what GDPR requires)’

Share this story

Facebook CEO Mark Zuckerberg Testifies At Joint Senate Commerce/Judiciary Hearing
Photo by Chip Somodevilla/Getty Images

Facebook CEO Mark Zuckerberg testified before Senate today in a marathon five-hour session about the ongoing Cambridge Analytica data privacy scandal. In addition to discussing that situation, and how as many as 87 million users had their information misused by the data mining firm, the conversation also touched on Facebook’s role and responsibility in the world as a news source and a massively influential tool for democracy and communication.

While there were few bombshell revelations, Zuckerberg did answer a far-reaching and diverse set of questions ranging from whether Facebook is a monopoly to whether the company would ever consider an ad-free paid version. As part of his appearance on Capitol Hill today, Zuckerberg brought along a thick binder of notes to help him answer questions, stay on his talking points, and come up with quick and relatively innocuous responses to hot-button issues. Thankfully, because there were photojournalists in the room, we have access to a least two pages of those notes.

AP photographer Andrew Harnik snapped perhaps the best photos of Zuckerberg’s notes, and you can see them clearly here:

AP Photo / Andrew Harnik

It’s a very telling pair of documents, giving us a glimpse inside how both Zuckerberg and the sophisticated executive and crisis PR team orbiting him are thinking about the biggest issues facing Facebook today. Some interesting standouts here:

  • Underlined at the top under the “Cambridge Analytica” section is a point about how no credit card or social security numbers were compromised
  • In a section titled “Accountability,” Zuckerberg’s notes include a reiteration that he is to blame as the leader of Facebook and that no one has been fired over the scandal
  • In the same section, Zuckerberg has talking points that help him skirt any questions over whether he will or should resign (he’s not planning to)
  • In a section outlining points about Facebook’s business model, Zuckerberg has written down before him a point about the social network needing to be free to be accessible to everyone, and that advertising is the only way to offer that service to the largest number of people
  • Zuckerberg has a section on defending Facebook by reiterating the good it does for the world
  • There’s an entire section of the notes dedicated to Apple and its CEO Tim Cook, after a public dispute Zuckerberg and he had over privacy last week, that includes a famous quote from Amazon CEO Jeff Bezos and comments about Apple’s past privacy issues with third-party apps
  • There’s a small section on Silicon Valley diversity that advises Zuckerberg to own up to how abysmal both the company’s and the industry’s diversity stats are
  • The final section on the second page includes a few bullet points related to the EU’s General Data Protection Regulation law, which goes into effect in May and will have a significant effect on how internet businesses operate in Europe
  • The GDPR section in big bold letters advises Zuckerberg to avoid saying Facebook already complies with the law, which it does not, and yet the bullet points do not include any confirmation on whether Facebook will expand GDPR protections to users worldwide, something the chief executive has been unclear about in the past week

For those who would like to read the notes in full, here’s the full transcript:

Cambridge Analytica

- Breach of trust; sorry we let it happen; took steps in 2014 to stop it happening again.

- Quiz app designed by Cambridge University researcher named Aleksandr Kogan.

- People who used app gave Kogan FB information like public profile, page likes, friend list + birthday; same for friends’ whose settings allowed sharing; NO credit card/SSN info.

- Kogan sold to CA in violation of our terms; when we found out, told them to delete data.

- Confirmed they had — now seems untrue. Should have done more to audit + tell people.

- Didn’t think enough about abuse; rethinking every part of our relationship with people.


- Important issue but no credit card information or SSN shared.

- People gave Kogan access to Facebook information like their public profile, page likes, friend list, birthday; same for friends’ whose settings allowed sharing.

- 2014 changes mean it couldn’t happen now; restricted apps’ access to data even further.

Reverse lookup (scraping)

- Found out about abuse two weeks ago, shut it down.

- Useful to find someone by phone number/email; if people have the same name.

- Malicious actors linked public info (name, profile photo, gender, user ID) to phone numbers they already had; shut it down. Need to do more to prevent abuse.


- Fire people for CA?: It’s about how we designed the platform. That was my responsibility. Not going to throw people under the bus.

- Do you ever fire anyone?: Yes; hold people accountable all the time; not going to go into specifics.

- Resign?: Founded Facebook. My decisions. I made mistakes. Big challenge, but we’ve solved problems before, going to solve this one. Already taking action.

- No accountability for MZ?: Accountable to you, to employees, to people who use FB.

Data safety:

- I use FB every day, so does my family, invest a lot in security.

- Made mistakes, working hard to fix them.

- Giving people more controls, just yesterday stated showing people their app controls.

Business model (ads)

- Want FB to be a service that everyone can use, has to be free, can only do that with ads.

- Key for me is mission — helping people connect. Business model supports that mission.

- Let’s be clear: Facebook doesn’t sell data. You own your information. We give you controls.

- People know [...] need ads; tell us if they have to see ads, want them to be relevant.


- Facebook [...] not time spent; time spent fell 5% Q4; pivot to MSI.

- [...]ssesm[..] to communicate with kids; MK gives parents control.

- [...] like N[...] have commercial ads. We have no plans to do so.

Defend Facebook

- [If attacked: Respectfully, I reject that. Not who we are.]

- Billions people globally use FB every day to connect to the people that matter.

- Families reconnected, people met and gotten married, movements organized, tens of millions of SMBs now have better tools to grow and create jobs.

- More work to do, but can’t lose sight of all the ways people are using FB for good.

Tim Cook on biz model

- Bezos: “Companies that work hard to charge you more and companies that work hard to charge you less.”

- At FB, we try hard to charge you less. In fact, we’re free.

- [On data, we’re similar. When you install an app on your iPhone, you give it access to some information, just like when you login with FB.

- Lots of stories about apps misusing Apple data, never seen Apple notify people.

- Important you hold everyone to the same standard.]

Disturbing content

- It’s very disturbing; and sadly we do see bad things on Facebook.

- Should have no place on our service; community standards prohibit hate, bullying, terror.

- Working to be more proactive; AI, hiring more people e.g. terror, e.g. suicide.

- Will never be perfect; but making huge investments.

Election integrity (Russia)

- Too slow, making progress. France, Germany, Alabama.

- Midterms are important, but not just in the US — Brazil, Mexico, Hungary.

- Just announced committee of academics to commission independent research on social media on democracy.


- Silicon valley has a problem, and Facebook is part of the problem.

- Personally care about making progress; long way to go [3% African American, 5% Hispanics].


- Consumer choice: consumers have lots of choice over how they spend their time

- Small part of ad market: advertisers have choices too — $650 billion market, we have 6%.

- Break up FB?: US tech companies key asset for America, break up strengthens Chinese companies.

GDPR (Don’t say we already do what GDPR requires)

- People deserve good privacy tools and controls wherever they live.

- We build everything to be transparent and give people control. GDPR does a few things:

- Provides control over data use — what we’ve done for a few years.

- Requires consent — done a little bit, now doing more in Europe and around the world.

- Get special consent for sensitive things e.g. facial recognition.

- Support privacy legislation that is practical, puts people in control and allows for innovation.