Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Commentary – How the FTC Could Have Prevented the Facebook Mess

Techonomy Exclusive – Marc Rotenberg: “Here comes an understatement: Facebook’s failure to protect user data was well known before the company suspended dealings with Cambridge Analytica last week. What is not well known is that the transfer of 50 million user records to the controversial data mining and political consulting firm could have been avoided if the Federal Trade Commission had done its job. The FTC issued a 2011 consent order against Facebook to protect the privacy of user data. If it had been enforced, there would be no story. Facebook bears responsibility too, because it actively worked to avoid compliance.  Perhaps if the government and company had done their jobs, we would have seen a different outcome in the 2016 election. Back in 2009, the Electronic Privacy Information Center (EPIC), which I head, and a coalition of consumer organizations filed a complaint with the Federal Trade Commission. It alleged that Facebook was overriding user settings and allowing third parties to obtain users’ private information without their consent. We had conducted extensive research, documented the problem of Facebook’s changing privacy settings, and turned to the FTC to seek a legal order. The Federal Trade Commission launched an investigation, and in a comprehensive settlement with the company in 2011, made clear that it agreed with us. As the FTC said at the time, “Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming or get their approval in advance.” Also, from the 2011 settlement: “Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.” Much of this was in our original complaint…” [Marc Rotenberg is President of the Electronic Privacy Information Center (EPIC.ORG) in Washington, DC, an organization he founded in 1994 to focus public attention on emerging privacy and civil liberties issues. A leading expert in Internet policy, Marc testifies frequently before Congress, litigates important public interest cases, and lectures widely around the world. He is the author of many books and articles including “Privacy in the Modern Age: The Search for Solutions.” EPIC’s recent work concerns “Algorithmic Transparency” and “Data Protection.” Marc is a graduate of Harvard College and Stanford Law School and teaches both privacy law and open government litigation at Georgetown University Law Center.]

Sorry, comments are closed for this post.