Facebook on Thursday said it has started to report its privacy practices to a newly formed, independent Privacy Committee.
The creation of the independent committee was part of the company’s settlement a year ago with the Federal Trade Commission (FTC) over data privacy violations, which came in addition to a $5 billion fine (which was derided as “chump change” by lawmakers and privacy analysts).
Facebook officers and employees are disqualified from the committee. According to the FTC, the committee will be briefed about “all material privacy risks and issues at the company,” and will have approval-and-removal authority “over a new cadre of designated compliance officers and a third-party assessor that will not answer to Facebook.”
As part of this, an independent, third-party assessor will also review Facebook’s privacy practices and report on them to the Privacy Committee and the FTC, both quarterly and annually. The Privacy Committee will be comprised solely of independent directors, according to Facebook.
“An important part of the changes we’re making to our privacy approach is communicating more transparently about our work,” said Michel Protti, chief privacy officer, product, Facebook, in a Thursday post. “Over the past year we’ve written about how we build privacy into our products and how we use data. Now we’re expanding on this.”
Protti said Facebook will improve its onboarding process for new employees to better incorporate privacy and will require an annual privacy training course for employees. The company will also use a Privacy Review process for new products or updates, to “look closely at how we use data, assess risks, and put safeguards in place to address them.”
Security and privacy experts hope that the third-party review and the committee will help hold Facebook accountable for maintaining an appropriate level of user privacy.
“Since Facebook plans to implement a third-party to review and report their practices to the Privacy Committee and FTC, it appears that they are prioritizing their goals by creating a quality management system to hold them accountable to maintain their objectives,” Kacey Clark, threat researcher at Digital Shadows, told Threatpost. “While privacy is fleeting, this gives the impression that Facebook is making an effort to improve their platform and take the privacy of its users seriously.”
Facebook’s privacy troubles began in 2018 after its Cambridge Analytica privacy snafu. After that, the company said it suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data.
Even so, the company has continued to struggle with privacy: in 2019 it said that 100 third-party app developers improperly accessed the names and profile pictures of members in various Facebook groups.
“In the wake of the Facebook-Cambridge Analytica data breach in 2018, the privacy risk associated with social media platforms became well known to the masses,” Clark told Threatpost. “Due to the amount of user information that Facebook possesses, including personally identifiable information and protected health information, it is imperative that they have a significant focus on privacy and data rights.”