Acting Director Tom Pahl of the Federal Trade Commission (“FTC”) Bureau of Consumer Protection confirmed that the FTC is investigating the data privacy practices of Facebook Inc. (“Facebook”) following reports that Cambridge Analytica, a data collection and analytics firm, may have misappropriated the personal information of over 50 million users. Facebook previously settled charges with the FTC in 2011 for deceiving consumers regarding the privacy of their account information. The conditions of that settlement required Facebook to obtain approval from consumers before changing the way it shares their data, and to periodically review its privacy practices. The 2011 charges alleged that Facebook’s practices violated Section 5(a) of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices in or affecting commerce.
In addition, a group of 37 Attorneys General issued a letter to Facebook CEO Mark Zuckerberg requesting information on Facebook’s policies and procedures for protecting users’ personal information, as well as the social networking platform’s plans for improving privacy controls and disclosures going forward. Watchdog group Common Cause filed complaints with the Department of Justice and the Federal Election Commission accusing Cambridge Analytica of violating federal election laws.
Earlier this month, Facebook stated that a University of Cambridge professor created an application that used Facebook’s platform to gain access to consumers’ information. At the time, Facebook argued that the situation was not a data breach because consumers knowingly gave away their consent when they signed up for the app. Since then, however, Facebook acknowledged that the professor violated Facebook’s Platform Policies by failing to disclose that the data collected was passed onto data collections and analytics firms, Strategic Communication Laboratories and its affiliate corporation, Cambridge Analytica.