Facebook hasn’t been having a good time in Europe, but it appears the company might receive a billion-dollar penalty in the United States in the wake of Cambridge Analytica’s data harvesting story. According to federal officials, the social networking giant violated the FTC consent decree when it shared information of tens of millions of its users with a data analysis firm.
Cambridge Analytica became a popular name after it successfully powered the Brexit and 2016 Trump campaign. As reported over the weekend, a whistleblower who helped found the analytics firm had claimed that this large-scale data harvesting was done to target users’ “inner demons.”
Related 50 Million Facebook Profiles Harvested Without User Consent – Data Monster Chose NOT to Alert Victims Is Trying to Threaten Reporters
Facebook potentially violated the FTC consent decree
Whatever the developers did with the data, however, isn’t the biggest concern. The story has raised concerns over several other firms potentially doing the same with Facebook staying silent or doing close to nothing.
The app named thisisyourdigitallife that was used for this purpose had fewer than 300,000 users who gave the app developer consent for a psychological test. However, data of over tens of millions of consumers was “stolen” as the firm took information of test takers’ friends in the process. The data not only included basic information of the users but included preferences of those friends (tracked by “like” button on pages and content) who never used this app.
The FTC consent decree required Facebook to notify users and explicitly receive their permission before data is shared beyond their privacy settings. In this case, the developer only received permission from those who took the test, not their friends. Facebook first learned of this incident back in 2015, however, chose not to inform the agency or the affected users.
While Facebook continues to suggest that it didn’t violate the consent decree and actually respected its users’ privacy settings, federal officials don’t appear to agree. The WaPo, citing two former federal officials who crafted the landmark consent decree that governs how Facebook handles user privacy, reported that the company may have violated that decree. David Vladeck, who was the director of the FTC’s Bureau of Consumer Protection when the agency investigated alleged privacy violations by Facebook and the consent decree that resolved the case, told the publication that the company’s sharing of data with Cambridge Analytica “raises serious questions about compliance with the FTC consent decree.”
Related Why WhatsApp Needs to Bring Back the Option of Opting Out of Data Sharing w/ Facebook
If the Federal Trade Commission proves this violation, Facebook could be in for hefty fines. According to Vladeck, violations carry a penalty of $40,000 per user. This means that if the reports of over 50 million people being affected in this incident are proven, the company could face penalties that could go in trillions of dollars. However, that figure is unlikely since watchdogs and regulators usually impose fines that are more likely to be paid by the violator.
“We reject any suggestion of violation of the consent decree,” Facebook said in its own statement. “We respected the privacy settings that people had in place. Privacy and data protections are fundamental to every decision we make.”
Facebook is also facing criticism from media for its attempts to downplay the severity of this issue, trying to silence reporters for making “false and defamatory” claims, and suspending the account of Christopher Wylie, who revealed this data sharing incident.
