The Federal Trade Commission on Monday announced it is launching an investigation into Facebook’s data privacy practices. The announcement is another blow to Facebook, which has been grappling with the fallout from a scandal in which data from the social media platform leaked through a third-party app.
“Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” said Tom Paul, acting director of the FTC’s Bureau of Consumer Protection, in a statement. “Today, the FTC is confirming that it has an open non-public investigation into these practices.”
Rob Sherman, deputy chief privacy officer at Facebook, said in an emailed statement to Threatpost: “We remain strongly committed to protecting people’s information. We appreciate the opportunity to answer questions the FTC may have.”
Part of the FTC’s investigation may center on whether Facebook violated a consent decree from 2011, which requires the social network to receive explicit permission from users before sharing their data with third parties. Facebook could face up to $40,000 in fines per violation if found guilty, according to CNBC.
The investigation stems from Facebook’s acknowledgement earlier this month that since 2015 a third-party application had handed over the data of up to 50 million platform users to Cambridge Analytica – a consulting group that has worked on several high-profile political campaigns, including that of President Donald Trump.
Adding to questions about the company’s privacy policies were reports this weekend that the company had been logging Android users’ call and text history without their permission. Facebook responded to the reports on Sunday saying that some users’ information has been logged, but stressing that the function has “always been opt-in only,” that the information collected doesn’t include the contents of calls or texts, and that the data isn’t sold to third parties.
The company has faced a slew of public backlash – including a wave of politicians who have called on Facebook to enforce privacy policies to protect user data, and business leaders, from Elon Musk to WhatsApp co-founder Brian Acton, joining in on a #DeleteFacebook campaign via social media against the company.
In the midst of all this are reports that Facebook’s security chief, Alex Stamos, is planning to step down from the company in August, after meeting resistance when he advocated for more disclosure around Russian manipulation of the platform and some restructuring to better address related issues.
Facebook has responded to the Cambridge Analytica blowout over the past week, with Facebook CEO Mark Zuckerberg taking out full-page newspaper ads in the New York Times, WSJ, and Washington Post, among others, this weekend to pledge “responsibility” to end users.
“This was a breach of trust and I’m sorry we didn’t do more at the time. We’re now taking steps to make sure this doesn’t happen again,” said the ad, a signed letter from Zuckerberg. “I promise to do better for you.”
The Facebook fallout has raised questions about how social media platforms can strengthen best practices around managing and securing third-party data privacy for end users. James Robinson, VP of Third Party Risk Management at Optiv, said that the incident has brought to light several fundamental data privacy and security issues, “issues that, while not new, need to be better understood.”
“We are living in a world powered by platforms, APIs and data, and, as such, third- and fourth-party risk management is of paramount importance,” said Robinson. “As enterprises increasingly leverage mobile and social platforms to advance customer relations and business operations, they must adopt a threat management plan to ensure user privacy and data security.”