FTC goes after Facebook

The US Federal Trade Commission (FTC) confirmed on Monday that it’s investigating how the personal information of 50 million users slipped through Facebook’s grasp and wound up with data analytics firm Cambridge Analytica (CA).

Last week, the FTC declined to confirm that it was investigating Facebook, including whether the company violated a consent decree signed with the agency in 2011. That decree required that Facebook notify users and receive explicit permission before sharing personal data beyond their specified privacy settings.

Any violations of the consent decree could carry a penalty of $40,000 a pop.

The statement issued by Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection, about the concerns regarding Facebook’s privacy practices:

The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act.

Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.

Privacy practices? What privacy practices?

According to multiple whistleblowers, Facebook basically rolled over and played dead while CA and other developers blithely scraped away its users’ data.

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, spoke to British MPs last week. Parakilas said that during his tenure, he got the impression that Facebook feared looking too closely at the unvetted developers who’d been given access to Facebook servers and the user data therein, frightened as it was that lifting up the rock could lead to liability over policies or laws being broken in data breaches.

As it is, CA is believed to have used such data to create what it’s dubbed “psychographic profiles” with which to microtarget Facebook users in the 2016 presidential campaign, the Brexit campaign, and the campaigns of US Republicans including Ted Cruz, Ben Carson, Tom Cotton, John Bolton, et al.

And just where was Facebook during all this? The FTC says its probe will determine whether the company “failed” to honor its privacy promises.

Former FTC officials told the Washington Post that the investigation could lead to fines in the trillions of dollars.

Facebook’s putting on its game face. Rob Sherman, deputy chief privacy officer, told CNBC that the company would “appreciate the opportunity to answer questions the FTC may have.”