By Deepa Seetharaman and Kirsten Grind
Facebook Inc.'s loose approach to policing how app creators and
others deployed its user data persisted for years, including after
a 2015 effort by the social network to restrict access, according
to court documents and people familiar with Facebook. The
social-media giant is now dealing with the fallout.
The Federal Trade Commission is investigating whether Facebook
violated terms of a 2011 settlement when data of up to 50 million
users was transferred to an analytics firm tied to President Donald
Trump's campaign, a person familiar with the matter said on
Tuesday. If the FTC finds that Facebook violated the settlement
terms, the company could face millions of dollars in fines.
That firm, Cambridge Analytica, said Tuesday it is launching its
own investigation to determine if the company engaged in any
wrongdoing. In addition, it said it was suspending its chief
executive, Alexander Nix, after a video released Monday depicted
Mr. Nix touting campaign tactics such as entrapping political
opponents with bribes and sex. A spokesman said the comments by Mr.
Nix in the video "do not represent the values or operations of the
firm, and his suspension reflects the seriousness with which we
view this violation."
Meanwhile, Canada's privacy commissioner said Tuesday it had
formally opened its own investigation into alleged unauthorized
access and use of Facebook user profiles, focusing on the company's
compliance with Canada's privacy law.
The user-data controversy, which knocked another 2.6% off
Facebook's stock price Tuesday, after it fell 6.8% Monday,
highlights the company's struggle to manage its vast platform,
which is accessed by more than two billion accounts a month, and
its oversight of user records collected by developers, who for
years had tremendous access to the social network's
information.
It also again underscores the broader challenge for Facebook:
how to balance the pursuit of digital advertising dollars, which
depend on selling access to user data, with protecting the privacy
of users.
The Cambridge Analytica crisis has its roots in a 2007 decision
by Facebook to open access to its so-called social graph -- the web
of friend connections, "likes" and other Facebook activity that
knit users together.
While advertisers pay to reach Facebook's users, app developers
were for years able to tap that data by creating an app that
plugged into Facebook's platform. Tens of thousands of app
developers and others eventually used the data, giving birth to a
new crop of dating and job-search apps, as well as a new form of
political campaigning.
Facebook let developers accumulate data if they followed rules
that included only using information they needed to operate their
services and avoiding doing anything to "confuse, deceive, defraud,
mislead, spam or surprise anyone."
Although Facebook had rules stating the terms under which
developers could accumulate data, it appeared not to be able to
ensure its rules were being followed, developers and former
employees said. In interviews, developers said Facebook officials
were sometimes unclear about how developers could use the data they
gathered from the platform.
"Their enforcement mechanism is, if they notice it, they tell
you to stop," says Nick Soman, founder and chief executive of the
health-care company Decent, which has accessed Facebook's data in
the past.
"On an ongoing basis, we also do a variety of manual and
automated checks to ensure compliance with our policies and a
positive experience for users," a Facebook spokesman said.
Around 2011, Facebook users started complaining to the social
network that some of their old profile data was inexplicably posted
for anyone to view on a little-known search site called Profile
Engine, court records allege. Facebook sued the developer two years
later, saying it had violated its agreement, but not before the
details of about 420 million user profiles were collected,
according to the court records. The suit was settled in 2014 for an
undisclosed amount.
President Barack Obama's 2012 re-election campaign created a
voter-outreach app that found other potential supporters among its
users' connections on Facebook by plugging directly into the
company's platform. By 2016, Facebook had changed its platform
rules, making it impossible for other campaigns to do the same.
In 2014, Facebook said it would restrict developers' access to
many data points about app users' friends, citing privacy concerns.
But even after the policy went into effect in 2015, Facebook
couldn't keep track of how developers used previously downloaded
data, according to current and former employees.
The Facebook data allegedly used by Cambridge Analytica was
provided by an academic who wasn't authorized to share the user
data under Facebook's policies. Cambridge Analytica has said it
didn't break Facebook's rules.
On Friday, Facebook said it learned about the academic sharing
the data in 2015 and demanded the parties delete the data. Facebook
said it learned this month the parties kept those records despite
saying the information had been destroyed.
Sandy Parakilas, a former Facebook platform-operations manager
from 2011 to 2012, said in an interview that Facebook was primarily
alerted to data-policy violations from media reports or companies
that said competing apps were breaking Facebook's rules.
According to Mr. Parakilas, a media report in 2011 said the
social-media startup Klout Inc. had created profiles for minors
without their knowledge using Facebook data. Klout quickly stopped
the practice after the report, Mr. Parakilas said.
Soon after, Mr. Parakilas said, he called Klout's management
team to ask if the startup was violating Facebook's data policies.
Klout officials denied it violated the policies, Mr. Parakilas
said, and he asked the company to make it sure it wasn't violating
the policies in the future.
"And that was it. They continued to access the platform," Mr.
Parakilas said in an interview. "We never got to the answer of what
happened."
He added: "The main enforcement mechanism was call them and yell
at them."
Klout couldn't be immediately reached for comment.
Facing criticism over user privacy, Facebook in 2015 rolled out
new restrictions to the type of data outside parties could access,
making it harder for them in particular to get data on a user's
friend base.
But Facebook didn't instruct developers to delete the data they
had already captured, nor did it follow up to see if developers
were still using it, according to some developers.
Developers and other parties were informed of the change through
an email notifying them data access would soon be restricted, and
given some time to comply, developers said.
--Jim Oberman and John D. McKinnon contributed to this
article.
(END) Dow Jones Newswires
March 20, 2018 20:20 ET (00:20 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Feb 2024 to Mar 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Mar 2023 to Mar 2024