On the heels of global outrage regarding the Cambridge Analytical scandal, Mark Zuckerberg testified this week before Congress over the course of two days in two very long sessions. Given the scope of Facebook’s business, the sessions covered a wide range of topics, from manipulative ads and censorship to the presence of illicit materials on Facebook’s network. While there’s a lot to unpack, we’re zeroing in on the key aspects of Zuckerberg’s testimony and detailing what may be in Facebook’s future.

What exactly were the sessions about?

Zuckerberg testified in front of both the Senate Judiciary and the Senate Commerce, Science, and Transportation committees on Tuesday, April 10, 2018, and the House Energy and Commerce Committee on Wednesday, April 11, 2018. After reading prepared comments, members of Congress were allowed to directly ask Zuckerberg questions in five-minute segments. Unfortunately, both hearings felt clunky and repetitive at times, given the topics of interest and differing levels of background knowledge amongst all the congresspeople. While there were moments of informative discussion, a number of pundits, experts and foreign politicians have, to some extent, criticized the hearings — especially Tuesday’s hearing — for a dearth of meaningful questions. Despite this, there were a number of broad themes that emerged from both Facebook sessions:

We got a bit more background on the Cambridge Analytica incident

Although technically not the focus of either hearing, the infamous “Facebook data breach” was one of the biggest impetuses for both sessions. As such, it’s not surprising that some more details came out. Facebook intends to continue its investigation of the firm, but has currently ceased its efforts until U.K. officials complete their own investigation. The company is also looking into Cambridge University’s role in the scandal, as well. Additionally, a line of questioning from Sen. Bill Nelson revealed what many suspected – Facebook has historically lacked an enforcement mechanism for breaches of contract with developers and clear rules around data breach disclosures. Another question from Rep. Tony Cardenas grappled with why Facebook only reacted to the scandal after failing to dissuade The Guardian from breaking the story. Finally, Zuckerberg himself disclosed that he was a victim of the Cambridge Analytica breach.

Zuckerberg wants us to know: Facebook “doesn’t sell data”

To an extent, both sessions involved many politicians getting clarification on basic aspects of social media, Internet services and privacy (much to the amusement and annoyance of observers). While this tinted the sessions with moments of banality – just watch this exchange where Sen. Orrin Hatch asks how Facebook makes money without charging money – it also resulted in some clarifications that many users probably needed. One of the biggest things we learned is that Facebook apparently doesn’t sell user data, a fact that Zuckerberg reiterated multiple times throughout the sessions. This is technically true, as Facebook does not sell data in a traditional sense. Instead, it sells its platform to advertisers by marketing its analytics and tools for ad placement to the appropriate demographics. But as critics point out, this is still monetization and aggregation of user data, and it provides the company incentive to collect excessive amounts of user (and non-user) information. It also means that the day the company faces a real breach, it will probably be a lot worse than the Cambridge scandal.

Congress is not happy with Facebook’s terms of service

Touching on an issue that we and other outlets have reported on in the past, a lot of politicians argued that Facebook’s terms of service was confusing. Sen. John Kennedy point blank told Zuckerberg “ … your user agreement sucks … ” before cynically remarking that its purpose was “ … to cover Facebook’s rear end, not inform users of their rights.” A chorus of other senators voiced similar critiques. While there seemed to be no definite commitments on Zuckerberg’s end, the fact that politicians are voicing a complaint that users and advocacy groups have been making for such a long time is noteworthy, as it could result in tech companies being shamed or regulated into better transparency at some point in the future.

Facebook is open to regulation

One of the most consistent threads in the sessions was talk of regulation, be it in the form of legislative action or self-regulation on the part of Facebook. For the most part, Zuckerberg seemed to be open to the idea and at one point in Wednesday’s sessions, called regulation “inevitable.” Several news-savvy politicians even asked him about the General Data Protection Regulation (GDPR) that affords European Internet users very strict privacy rights, and Zuckerberg responded fairly positively to them. He did at points, however, offer pushback – specifically when it came to rights surrounding emerging technologies, like facial recognition, citing competitive concerns with China. Given the setting, it’s hard to know the exact direction Congress is leaning on the issue of regulation (though a number of states are currently passing their own technology bills). Regardless of what Congress decides, there are likely to be pitfalls either way, meaning that any commitment to regulation needs to be informed and based on deep reflection.

What’s going to happen now?

It’s far too early to make any predictions, but despite the nuggets of hope the sessions provided, many experts are finding reasons to be critical of the likelihood that Facebook will make substantive changes. In fact, during Tuesday’s testimony, Facebook’s stock price rose, indicating that shareholders likely see things being business-as-usual in the near term. What’s more, there are a number of key questions that Congress either failed to ask or that Zuckerberg simply evaded. While the fallout from the Cambridge Analytica scandal, as well as these hearings provide solid momentum for addressing critical privacy issues, it has yet to be seen how well these translate into tangible changes.

For more information about ongoing major tech stories and how they impact you, keep reading our technology blog.