Washington, DC - The Federal Trade Commission (FTC) has confirmed it will investigate whether Facebook violated a 2011 consent decree after concerning reports about how it handled the personal data of 50 million users and how that data was transmitted to data firm Cambridge Analytica without those users' knowledge, Bloomberg reports, citing sources familiar with the matter.
The FTC’s statement reads in part: “The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.”
In the 2011 settlement, Facebook agreed to obtain user consent for certain privacy setting changes after a complaint that the company changed user settings without notifying people.
In this latest case, widely reported by national media due to its possible links to the Trump-Russia investigation, users’ Facebook profiles were harvested by an app for data, which then passed the information to Cambridge Analytica, which has ties to Donald Trump's presidential campaign. This heightened concerns over whether such data were used to try to influence the outcome of the 2016 U.S. presidential election and the Brexit vote.
Bay City News Service in San Francisco is reporting that Facebook users and shareholders filed four lawsuits in federal court in San Francisco and San Jose related to the data breach.
One suit claims the Menlo Park, Calif.-based company acted with "absolute disregard" for her personal information after allegedly representing that it wouldn't disclose the data without permission or notice. The suit says that during the 2016 election, the user was "frequently targeted with political ads while using Facebook."
Facebook CEO Mark Zuckerberg has since apologized via several full-page ads in U.S. and U.K. newspapers for the breach of trust and said the company would investigate all apps that had access to large amounts of data.
Some companies, including Commerzbank and Mozilla, have suspended ad campaigns on Facebook.
"We are pausing our campaign on Facebook. Brand safety and data security are very important to us," Uwe Hellmann, Commerzbank's head of brand strategy, told Handelsblatt newspaper Thursday, according to Reuters.
Mozilla published a blog saying it will suspend its advertising until Facebook takes action to strengthen its default privacy settings. "Mozilla is pressing pause on our Facebook advertising," it said. "While we believe there is still more to learn, we found that its current default settings leave access open to a lot of data – particularly with respect to settings for third-party apps."
Some predict Facebook will emerge from the issue stronger. Analyst Brad Gerstner, CEO and founder of Altimeter Capital Management, told CNBC last week that Facebook “hasn't even scratched that surface. There are tremendous pools of advertising dollars that will flow to Facebook in the years ahead."
In the meantime, lawmakers are calling on Zuckerberg to testify about the fiasco.
Reps. Greg Walden (R-OR) and Frank Pallone, Jr. (D-NJ), chairman and ranking member of the House Commerce Committee, wrote in a statement that many questions "were left unanswered" after a briefing last week with Facebook officials. And Sen. Ron Wyden (D-OR) is also asking Zuckerberg whether the company attempted to notify the 50 million users who were impacted by the data harvesting.
Carolyn Everson, Facebook’s vice president of global marketing solutions, told Adweek the company is “taking unconditional responsibility” for the breach. “We’re putting in very, very strong changes to our platform policy and to ensure, at the end of the day, the most important thing that we need to do is protect consumer data and to ensure and restore consumer trust in that we are really protecting their privacy.”
