Violated FTC privacy deal
Two former federal officials who crafted the landmark consent decree governing how Facebook handles user privacy say the company may have violated that decree when it shared information from tens of millions of users with a data analysis firm that later worked for President Trump’s 2016 campaign.
Such a violation, if eventually confirmed by the Federal Trade Commission, could lead to many millions of dollars in fines against Facebook, said David Vladeck, who as the director of the FTC’s Bureau of Consumer Protection oversaw the investigation of alleged privacy violations by Facebook and the subsequent consent decree resolving the case in 2011. He left that position in 2012.
On Sunday morning, Vladeck said in an interview with The Washington Post that Facebook’s sharing of data with Cambridge Analytica “raises serious questions about compliance with the FTC consent decree.”
He added, “I would not be surprised if at some point the FTC looks at this. I would expect them to.”
The FTC did not immediately respond to requests for comment Sunday morning.
Facebook has denied violating the consent decree when it allowed an app developer working for Cambridge Analytica to gain access to information about an estimated tens of millions of people. The group included both the 270,000 Facebook users who downloaded a psychological testing app and the Facebook “friends” of those people. This included the preferences those friends had expressed by hitting the widely used “like” button on social media posts or news stories.
In a statement Saturday, Facebook said, “We reject any suggestion of violation of the consent decree. We respected the privacy settings that people had in place. Privacy and data protections are fundamental to every decision we make.”
Vladeck, now a professor at Georgetown Law, said violations of the consent decree could carry a penalty of $40,000 per violation, meaning that if news reports that the data of 50 million people were shared proves true, the company’s possible exposure runs into the trillions of dollars. Vladeck said that such a fine is unlikely but that the final penalty still could be very large.
“That’s the maximum exposure, though it’s not clear to me that the agency would insist on that kind of a penalty,” he said.
The FTC issue is rising as lawmakers in both the United States and Britain call for answers from Cambridge Analytica and Facebook — in some cases demanding that Facebook chief executive Mark Zuckerberg personally appear at legislative hearings.
The FTC consent decree required that users be notified and that they explicitly give their permission before data about them is shared beyond the privacy settings they have established. The developer of the app sought permission from those who downloaded it but not their Facebook friends. The app, called “thisisyourdigitallife,” offered personality predictions and billed itself on Facebook as “a research app used by psychologists.”
A key question now is what was allowed under Facebook’s privacy settings at the time, and whether those permissions were so broad as to allow routine violations of the 2011 FTC consent decree.
Hundreds of developers -- including those who made popular dating and gaming apps and those who built political apps for campaigns -- used Facebook to gain access to huge amounts of information about users and their Facebook friends. Data that could be easily accessed from friends included names of users, their education and work histories, birthdays, likes, locations, photos, relationship statuses, and religious and political affiliations.
The data collected by the app reportedly was shared with Cambridge Analytica and used to help the firm build profiles of individual voters and their political preferences to better target advertising to them. Cambridge Analytica has denied wrongdoing or improperly acquiring Facebook data.Read More...