Regulators are Investigating Facebook’s Privacy Practices

Regulators, from several countries, are investigating Facebook’s privacy practices. This comes after Facebook has done numerous sketchy things with user’s personal information, passwords, and data. It seems to me that at least one of these investigations will result in meaningful consequences and/or penalties for Facebook.

In the United States, New York Attorney General Letitia James announced an investigation into Facebook’s unauthorized collection of 1.5 million Facebook users’ email contact databases.

“It is time Facebook is held accountable for how it handles consumers’ personal information,” said Attorney General Letitia James. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting personal information.”

Ireland’s Data Protection Commission has commenced a statutory inquiry in relation to Facebook’s storing of the passwords of hundreds of millions of Facebook, Facebook Lite and Instagram users in plain text on Facebook’s internal servers. The inquiry will determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.

The Office of the Privacy Commissioner of Canada did a joint investigation of Facebook with the Information and Privacy Commissioner for British Columbia. It focused on the TYDL App. (“thisisyourdigitallife). A summary of the investigation found:

  • Facebook failed to obtain valid and meaningful consent of installing users.
  • Facebook also failed to obtain meaningful consent from friends of installing users.
  • Facebook had inadequate safeguards to protect user information.
  • Facebook failed to be accountable for user information under its control.

In February of 2019, Germany’s Bundeskartellmant prohibited Facebook from combining user data from different sources. Also in February, the House of Commons Digital, Media, and Sport Committee in the UK released a report in which it called Facebook “digital gangsters”. The Committee concluded that Facebook broke privacy and competition law and should be subject to statutory regulation.