Facebook CEO Mark Zuckerberg said that the company did not provide notification to the Federal Trade Commission (FTC) about the original user data leakage that triggered its most recent privacy scandal in testimony before the Senate Judiciary and Commerce, Science, and Transportation committees.
In response to a question over whether Facebook's staff notified anyone at the FTC about the consumer data leakage from 2015 when Facebook claimed it learned about the data leak, Zuckerberg said: "They considered it a 'closed case'.
Cambridge Analytica's access to Facebook user data, which was acquired improperly through a 3rd party quiz application, is at the heart of Facebook's latest scandal and Facebook's failure and lack on intent to notify the FTC of the data leakage could have triggered the recent probe by the commission.
Tom Pahl (acting director) of the FTC's Bureau of Consumer Protection, said in a statement:
"The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is the enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices."
The terms of the initial settlement deal between Facebook and the SEC in 2011 prohibited the company from making misrepresentations about the privacy or security of user's personal information and express consent to be given to the company before changing privacy preferences.
The agreement also included the following commitment agreed with Facebook:
that it “establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.”
Image: Getty Images
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.ftc.gov/news-events/press-releases/2018/03/statement-acting-director-ftcs-bureau-consumer-protection