By Deepa Seetharaman and Kirsten Grind 

Facebook Inc.'s loose approach to policing how app creators and others deployed its user data persisted for years, including after a 2015 effort by the social network to restrict access, according to court documents and people familiar with Facebook. The social-media giant is now dealing with the fallout.

The Federal Trade Commission is investigating whether Facebook violated terms of a 2011 settlement when data of up to 50 million users was transferred to an analytics firm tied to President Donald Trump's campaign, a person familiar with the matter said on Tuesday. If the FTC finds that Facebook violated the settlement terms, the company could face millions of dollars in fines.

That firm, Cambridge Analytica, said Tuesday it is launching its own investigation to determine if the company engaged in any wrongdoing. In addition, it said it was suspending its chief executive, Alexander Nix, after a video released Monday depicted Mr. Nix touting campaign tactics such as entrapping political opponents with bribes and sex. A spokesman said the comments by Mr. Nix in the video "do not represent the values or operations of the firm, and his suspension reflects the seriousness with which we view this violation."

Meanwhile, Canada's privacy commissioner said Tuesday it had formally opened its own investigation into alleged unauthorized access and use of Facebook user profiles, focusing on the company's compliance with Canada's privacy law.

The user-data controversy, which knocked another 2.6% off Facebook's stock price Tuesday, after it fell 6.8% Monday, highlights the company's struggle to manage its vast platform, which is accessed by more than two billion accounts a month, and its oversight of user records collected by developers, who for years had tremendous access to the social network's information.

It also again underscores the broader challenge for Facebook: how to balance the pursuit of digital advertising dollars, which depend on selling access to user data, with protecting the privacy of users.

The Cambridge Analytica crisis has its roots in a 2007 decision by Facebook to open access to its so-called social graph -- the web of friend connections, "likes" and other Facebook activity that knit users together.

While advertisers pay to reach Facebook's users, app developers were for years able to tap that data by creating an app that plugged into Facebook's platform. Tens of thousands of app developers and others eventually used the data, giving birth to a new crop of dating and job-search apps, as well as a new form of political campaigning.

Facebook let developers accumulate data if they followed rules that included only using information they needed to operate their services and avoiding doing anything to "confuse, deceive, defraud, mislead, spam or surprise anyone."

Although Facebook had rules stating the terms under which developers could accumulate data, it appeared not to be able to ensure its rules were being followed, developers and former employees said. In interviews, developers said Facebook officials were sometimes unclear about how developers could use the data they gathered from the platform.

"Their enforcement mechanism is, if they notice it, they tell you to stop," says Nick Soman, founder and chief executive of the health-care company Decent, which has accessed Facebook's data in the past.

"On an ongoing basis, we also do a variety of manual and automated checks to ensure compliance with our policies and a positive experience for users," a Facebook spokesman said.

Around 2011, Facebook users started complaining to the social network that some of their old profile data was inexplicably posted for anyone to view on a little-known search site called Profile Engine, court records allege. Facebook sued the developer two years later, saying it had violated its agreement, but not before the details of about 420 million user profiles were collected, according to the court records. The suit was settled in 2014 for an undisclosed amount.

President Barack Obama's 2012 re-election campaign created a voter-outreach app that found other potential supporters among its users' connections on Facebook by plugging directly into the company's platform. By 2016, Facebook had changed its platform rules, making it impossible for other campaigns to do the same.

In 2014, Facebook said it would restrict developers' access to many data points about app users' friends, citing privacy concerns. But even after the policy went into effect in 2015, Facebook couldn't keep track of how developers used previously downloaded data, according to current and former employees.

The Facebook data allegedly used by Cambridge Analytica was provided by an academic who wasn't authorized to share the user data under Facebook's policies. Cambridge Analytica has said it didn't break Facebook's rules.

On Friday, Facebook said it learned about the academic sharing the data in 2015 and demanded the parties delete the data. Facebook said it learned this month the parties kept those records despite saying the information had been destroyed.

Sandy Parakilas, a former Facebook platform-operations manager from 2011 to 2012, said in an interview that Facebook was primarily alerted to data-policy violations from media reports or companies that said competing apps were breaking Facebook's rules.

According to Mr. Parakilas, a media report in 2011 said the social-media startup Klout Inc. had created profiles for minors without their knowledge using Facebook data. Klout quickly stopped the practice after the report, Mr. Parakilas said.

Soon after, Mr. Parakilas said, he called Klout's management team to ask if the startup was violating Facebook's data policies. Klout officials denied it violated the policies, Mr. Parakilas said, and he asked the company to make it sure it wasn't violating the policies in the future.

"And that was it. They continued to access the platform," Mr. Parakilas said in an interview. "We never got to the answer of what happened."

He added: "The main enforcement mechanism was call them and yell at them."

Klout couldn't be immediately reached for comment.

Facing criticism over user privacy, Facebook in 2015 rolled out new restrictions to the type of data outside parties could access, making it harder for them in particular to get data on a user's friend base.

But Facebook didn't instruct developers to delete the data they had already captured, nor did it follow up to see if developers were still using it, according to some developers.

Developers and other parties were informed of the change through an email notifying them data access would soon be restricted, and given some time to comply, developers said.

--Jim Oberman and John D. McKinnon contributed to this article.

 

(END) Dow Jones Newswires

March 20, 2018 20:20 ET (00:20 GMT)

Copyright (c) 2018 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Meta Platforms Charts.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Meta Platforms Charts.