Why the F.T.C. Is Taking a New Look at Facebook Privacy


After a yearlong string of reports studies which have known as Facebook’s data-sharing practices into query, federal regulators are taking a onerous look at how the social media firm handles the private info of its customers.

It isn’t the first time Facebook has drawn authorities scrutiny. About seven years in the past, after prices had been leveled by the Federal Trade Commission, the firm made an settlement with the company to overtake its privateness practices.

That settlement, known as a consent decree, offers a street map for a way the F.T.C. is prone to scrutinize Facebook over the coming months.

In 2007, Facebook launched Facebook Beacon, a program that broadcast particulars on customers’ on-line purchases to their pals, initially permitting customers to decide out of sharing their purchases solely on a case-by-case foundation.

■ Facebook allowed third-party apps that users had installed to have access to nearly all of their personal data — even though Facebook had stated the apps could obtain only the personal information they needed to operate, the agency said.

■ In 2009, the agency said, Facebook changed its information-handling practices, making certain personal details — like users’ friends lists — public, overriding the choices of people who wanted to keep that data private. The policy change, the F.T.C.’s complaint said, exposed users’ profile information, including “potentially controversial political views or other sensitive information,” to third parties.

■ The agency said Facebook claimed it certified the security practices of apps participating in its “Verified Apps program,” but the company did not do so.

In November 2011, Facebook agreed to settle complaints that it had deceived consumers by “telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public,” the F.T.C. said in a statement at the time.

The agreement, which became final in 2012, prohibited Facebook from misleading consumers about their data privacy and security. The social network committed to getting the explicit consent of users before making changes that overrode their privacy preferences.

The agency ordered Facebook to put a comprehensive privacy program in place to protect the privacy and confidentiality of users’ information and to manage the risks of existing and new products.

It also required Facebook over the next 20 years to undergo biennial audits by an independent third party to certify that the privacy program was properly protecting the information of the company’s users.

In March 2018, The New York Times reported that a voter-profiling company, Cambridge Analytica, had harvested the personal data of millions of Facebook users without their knowledge or permission.

The voter-profiling company obtained the data from a researcher who had offered a personality survey app on Facebook. Although only about 270,000 Facebook users agreed to share their data to participate in the survey, the Facebook platform enabled the app to improperly harvest the personal details of millions of those users’ friends — consumers who had not agreed to share their information with the survey app, The Times reported.

Privacy experts, law professors and at least one former F.T.C. official have argued that Facebook’s failure to prevent the survey app from obtaining the data of users’ friends violated the federal consent agreement. So did Facebook’s failure to prevent the app developer from sharing both users’ data and the data of users’ friends with Cambridge Analytica, these critics said.

They said the Cambridge Analytica episode suggested that Facebook had failed to adequately conduct the risk assessments the agreement required it to do. It also failed to obtain required, explicit consent from users’ friends for the sharing of their data with third parties, the privacy experts said.

They also argued that Facebook had failed to operate a comprehensive privacy protection program and take reasonable precautions — steps the company was obligated to take under the consent decree.

“The consent decree requires Facebook to always be vigilant to possible privacy problems and try to solve them,” said David C. Vladeck, a professor at Georgetown Law and a former director of consumer protection at the F.T.C. who oversaw the investigation that led to the consent decree. “Cambridge Analytica made clear that Facebook was not auditing third-party apps.”

On March 26, the F.T.C. said it was conducting an investigation into Facebook’s privacy practices. An agency spokeswoman declined to comment last week on the progress of the investigation.

In addition to the F.T.C., Facebook is under investigation by the Justice Department, the Federal Bureau of Investigation, the Securities and Exchange Commission and several government agencies in Europe over Cambridge Analytica’s harvesting of user data.

Facebook said it had developed a privacy program as required by federal regulators and it had not violated the consent decree.

“We are transparent with people about how we use their information and respect people’s privacy settings,” said Sally Aldous, a Facebook spokeswoman. “We have a privacy program, which ensures we protect people’s information, which we continuously evolve to address the privacy risks of our products and services.”

Ms. Aldous said the company’s privacy program involved more than three dozen control mechanisms — including a privacy governance team and security teams that “ensure privacy risks for product launches and major changes are identified, discussed, and escalated for decisions when necessary.”

Facebook said it disagreed with The Times’s characterization of its sharing of user data with Amazon, Apple, Blackberry, Microsoft, Samsung, Yahoo and other companies.

The social network said device makers used information from Facebook to integrate certain Facebook features on their platforms and agreed not to use that information for their own purposes. The company also said Spotify and other third-party apps had access to users’ Facebook data only after users signed in with their Facebook account in the third-party apps.

“None of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the F.TC.,” Konstantinos Papamiltiadis, director of developer platforms and programs at Facebook, wrote in a company news release last week.



Source link Nytimes.com

Get more stuff like this

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.