The Federal Trade Commission (FTC) has confirmed it’s investigating Facebook’s privacy practices in light of the data misuse scandal currently engulfing the company.
In a statement regarding reported concerns about Facebook’s privacy practices today, Tom Pahl, acting director of the Federal Trade Commission’s Bureau of Consumer Protection, said:
The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.
On March 17, reports in the New York Times and the Observer of London suggested Trump-campaign linked UK-based political consultancy, Cambridge Analytica, had been able to buy data on 50 million Facebook users in 2015 to use for microtargeting political advertising.
The data had been gathered via a third party survey app running on Facebook’s platform and using its API to pull data on the friends of the 270,000 respondents who answered the survey.
At the weekend Facebook took out full page newspaper ads in the US and UK apologizing for failing to protect users’ information.
Billions have been wiped off the company’s share price since the scandal broke.
The company’s share price also fell more than 5% today, on the news of the FTC announcement.
The consumer watchdog previously investigated Facebook over deceptive privacy claims, back in 2011.
And in 2012, as part of an FTC settlement, Facebook promised it would give users “clear and prominent notice” and get their consent before sharing their information beyond their privacy settings.
It also agree to two decades of biennial audits.
Facebook avoided a financial penalty at the time, though if the FTC goes on to decide the company violated that earlier initial agreement it could certainly be on the hook for fines — fines which the Washington Post has suggested could scale to trillions of dollars if the FTC’s $40,000 per privacy violation is multiplied by the 50M Facebook users whose data was passed to Cambridge Analytica.
Whatever any eventual financial penalty might be, the reputational damage Facebook is suffering as a result of this snowballing data handling scandal is bad enough, adding to calls for policymakers to regulate social media platforms.
We’ve reached out to Facebook for comment on the FTC’s announcement — at the time of writing the company had not responded. Update: In a statement, Rob Sherman, Facebook’s deputy chief privacy officer said: “We remain strongly committed to protecting people’s information. We appreciate the opportunity to answer questions the FTC may have.”
See more of our coverage on the Facebook-Cambridge Analytica scandal here: