Financial Times SUBSCRIBESIGN INWorldFacebook affair: the legal quest

1.  
2. Financial Times
3. SUBSCRIBE
4. SIGN IN
5. World
6. Facebook affair: the legal questions
7. Did the company violate its 2011 settlement with the US Federal Trade Commission?
8.  
9. March 21, 2018 10:54 am by Kadhim Shubber in Washington
10. Facebook is facing investigations on multiple fronts after revelations that data on 50m users were improperly harvested by an analytics firm used by Donald Trump’s campaign.
11.  
12. The most serious of these inquiries may be one by the US Federal Trade Commission, which settled a similar privacy complaint with Facebook in 2011.
13.  
14. The FTC is looking into whether Facebook violated its 2011 settlement by allowing the misuse of user data ostensibly collected for academic research.
15.  
16.  
17. Facebook could be liable for fines of up to $40,000 per affected user if it is found to have broken its 20-year agreement with FTC.
18.  
19. Cambridge Analytica, the British firm employed by the Trump campaign, said it deleted the data when it realised it had been collected in violation of Facebook’s terms of service.
20.  
21. Facebook has suspended the firm and is investigating whether or not the data were deleted. It has denied any violation of the 2011 settlement.
22.  
23. “We remain strongly committed to protecting people’s information. We appreciate the opportunity to answer questions the FTC may have,” said Rob Sherman, Facebook’s deputy chief privacy officer.
24.  
25. The FTC did not comment on whether it was investigating Facebook but a spokesperson said it was aware of the claims against Facebook: “We take any allegations of violations of our consent decrees very seriously.”
26.  
27. What was Facebook’s 2011 settlement with the FTC about?
28. Facebook’s settlement stemmed from data privacy complaints against the social network in 2009. A group of consumer groups, including the Electronic Privacy Information Center, said the social network was misleading users about how their data were used.
29.  
30. For example, a person might set their privacy settings on Facebook to restrict certain information to just their friends. But the data were still shared with third-party applications their friends had signed up with.
31.  
32. Similarly, Facebook told customers that developers only received personal data that were needed for their apps to function. In fact, developers had access to almost all of their personal data, the FTC concluded.
33.  
34. What did the settlement require Facebook to do?
35. For the most part, it requires Facebook to be more upfront and honest with its customers about how their data are used, who they are shared with and how secure they are.
36.  
37. The order states that Facebook cannot “misrepresent in any manner, expressly or by implication” what it does with user data, including sharing it with third parties.
38.  
39. The social network also had to implement a “comprehensive privacy program that is reasonably designed to . . . protect the privacy and confidentiality” of its customers information.
40.  
41. Facebook was ordered to retain any documents that “contradict, qualify, or call into question” its compliance with the order to help the FTC’s monitoring.
42.  
43. What are the potential issues for Facebook?
44. The Cambridge Analytica revelations raise questions about the extent to which Facebook took adequate steps to protect customer data and whether users were fully aware that they were handing over their personal information.
45.  
46. Sandy Parakilas, a former platform operations manager at Facebook, told The Guardian this week: “All of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data.”
47.  
48. Critics of the company have also pointed to design changes that TechCrunch argued in 2012 encouraged users to “add apps on Facebook without realising we’re granting those apps (and their creators) access to our personal information”.
49.  
50. The issue is potentially exacerbated because only a small number of Facebook users explicitly provided their own information to the questionnaire app from which Cambridge Analytica sourced its data.
51.  
52. The vast majority of the 50m profiles were harvested because in 2010 Facebook gave developers access to a broad set of information about the friends of people who used their app.
53.  
54. In 2014, Facebook began to restrict this flow of information and gave users more control over what developers received. It suggested that some users may not have been aware that their data were being shared in this way.
55.  
56. In a company blog post announcing the change, a Facebook developer wrote, “We’ve heard from people that they’re often surprised when a friend shares their information with an app”.
57.  
58. What is Facebook’s position?
59. A key line in the consent order for Facebook states that it does not need to ask users for their permission when sharing their data if it respects their privacy settings and is initiated by “another user authorised to access such information”. An authorised user could be a person sharing their friends’ data with an app.
60.  
61. Facebook hinted at this clause on Monday. It said: “We respected the privacy settings that people had in place.”
62.  
63. Last Friday, Paul Grewal, Facebook’s deputy general counsel, said the company does “a variety of manual and automated checks” including “random audits of existing apps” to ensure user data are not being misused.
64.  
65. He said that in the past five years Facebook had made “significant improvements” in its ability to prevent and detect violations by app developers. He added that Facebook gives users “the tools to control their experience” and allowed them to choose which information to share with developers.
66.  
67. What could happen to Facebook if it is found to have violated the agreement?
68. In 2016, the FTC raised its civil penalties to $40,000 per day for violations. David Vladeck, a former director of the FTC’s Bureau of Consumer Protection, said the penalty could be applied for each of the 50m users affected.
69.  
70. However, when the FTC took action against Google in 2012 for violating a settlement agreed the previous year — a case the FTC highlighted in comments on Tuesday — the fine was $22.5m.
71.  
72.  
73. Copyright The Financial Times Limited . All rights reserved. Please don't copy articles from FT.com and redistribute by email or post to the web.
74.  
75. Latest on
76. Facebook Inc
77. Cambridge academic claims to be ‘scapegoat’ in Facebook data scandal
78. March 21, 2018 9:33 am
79. Well that’s one reason to buy yen…
80. March 21, 2018 8:11 am
81. Facebook plunge leaves valuation at cheapest since IPO
82. March 21, 2018 5:00 am
83. Cambridge Analytica exploited the data rush with style
84. March 21, 2018 5:00 am
85. Amazon elbows Alphabet aside as second most valuable company
86. March 21, 2018 1:44 am
87. Latest on
88. World
89. UK government borrowing on track for decade-low despite February rise
90. March 21, 2018 10:42 am
91. Fish-flinging flop for Jacob Rees-Mogg in chaotic Brexit protest
92. March 21, 2018 10:03 am
93. UK wage growth accelerates, while unemployment rate slips
94. March 21, 2018 9:48 am
95. South Korea’s Moon hints at summit with Kim and Trump
96. March 21, 2018 9:19 am
97. China to create global broadcast champion
98. March 21, 2018 8:57 am
99. Legal & Privacy
100. Terms & Conditions
101. Slavery Statement
102. Privacy
103. Cookies
104. Copyright
105. FT and ‘Financial Times’ are trademarks of The Financial Times Ltd.
106. The Financial Times and its journalism are subject to a self-regulation regime under the FT Editorial Code of Practice.