Audit Cleared Facebook's Privacy Practices Despite Cambridge Analytica Leak
April 19 2018 - 10:45PM
Dow Jones News
By Deepa Seetharaman and John D. McKinnon
An auditor reviewing Facebook Inc.'s privacy practices gave the
social-media company a clean bill of health in a report to federal
authorities last year -- well after Facebook discovered that
political consulting firm Cambridge Analytica improperly obtained
millions of users' personal data.
"In our opinion, Facebook's privacy controls were operating with
sufficient effectiveness to provide reasonable assurance to protect
the privacy of covered information," the auditing firm,
PricewaterhouseCoopers, said in the report to the Federal Trade
Commission dated April 12, 2017. A heavily redacted version of the
report is posted on the FTC's website.
The audit, which covers a two-year period ended in February
2017, was required as part of a settlement that Facebook reached
with the FTC in 2011 to ensure the company was clearly informing
users about the way their data was being used. But PwC's
conclusions raise questions about the vigor of its vetting process
at a time of mounting questions about Facebook's ability to protect
user privacy.
During the time covered by the audit, Facebook discovered that
an outside researcher broke its data-use rules by sharing user
records with other companies, including data-analytics firm
Cambridge Analytica, which worked with the Trump campaign in 2016.
Facebook learned about the incident in late 2015 through media
reports, but didn't notify affected users or publicly address the
issue until this spring.
Included in the April 2017 audit was Facebook's assessment of
its own work. It said its privacy program "contains controls and
procedures appropriate to its size and complexity, the nature and
scope of its activities, and the sensitivity of the covered
information."
It isn't clear whether Facebook informed PwC or whether it was
required to tell the firm about the incident with Cambridge
Analytica.
"We remain strongly committed to protecting people's
information. We appreciate the opportunity to answer questions the
FTC may have," Rob Sherman, Facebook's deputy chief privacy
officer, said in a written statement.
PwC didn't immediately return a request for comment. The FTC
declined to comment. The agency has previously said it is
investigating whether Facebook violated its consent decree.
Facebook has said it didn't.
Since its disclosure last month, Facebook has struggled to calm
a firestorm of criticism from users, advertisers, politicians and
officials in the U.S. and Europe about its data-collection
practices as well as its loose oversight of user information
downloaded by scores of outside developers.
Data from about 87 million users could have been improperly
shared with Cambridge Analytica, Facebook said earlier this month.
The company also has said "most people on Facebook" could have had
information scraped by marketers who used a now-defunct feature
that distributed profile data connected to users' email addresses
and phone numbers.
In back-to-back congressional hearings last week, Chief
Executive Mark Zuckerberg was repeatedly asked about how Facebook
scoops up user data and about the controls it puts in place to
secure users' records. Several lawmakers across the political
spectrum expressed support for new regulation of Facebook and other
internet platforms.
The FTC in 2011 charged Facebook with deceiving consumers by
telling them they could keep their data private, but then
repeatedly allowing the data to be shared and made public. A
consent decree reached by the two sides in November 2011, and
approved in 2012, requires Facebook to give consumers clear and
prominent notice and obtain their express consent before sharing
their information beyond their privacy settings, among other
measures.
Whether Facebook violated its FTC settlement is now a matter of
intense debate. If the FTC finds that Facebook violated the decree,
the company could face millions of dollars in fines as well as harm
to its reputation with users. Last month, 37 state attorneys
general sent Facebook a letter demanding explanations for its
practices.
Marc Rotenberg, president of the Electronic Privacy Information
Center, said the FTC released the latest reports after the group
requested it. EPIC was one of the groups that complained about
Facebook originally to the FTC, leading to the 2011 settlement.
"Not clear why a company that has asked us to give up so much
privacy should be allowed to maintain so much secrecy," Mr.
Rotenberg said.
(END) Dow Jones Newswires
April 19, 2018 22:30 ET (02:30 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Aug 2024 to Sep 2024
Meta Platforms (NASDAQ:META)
Historical Stock Chart
From Sep 2023 to Sep 2024