Facebook was started by Mark Zuckerberg in 2004 as a social networking site for Harvard undergraduates. It is now the largest social network in the world. As of April 2018, it has over 2.13 billion active users worldwide and 214 million users in the United States.
Throughout its history, Facebook has misled its users and undermined their privacy. The background below chronicles just some of the instances in which EPIC has challenged Facebook’s privacy abuses. EPIC is engaged in ongoing efforts before Congress, the courts, and the Federal Trade Commission to protect the privacy of Facebook users.
- Facebook Backs Down from Forced WhatsApp Privacy Changes:
- Irish High Court Orders DPC to Move Forward in Facebook Investigation: The Irish High Court today issued an order in a follow-on case to Irish Data Protection Commissioner v. Facebook and Schrems (“Schrems II”) and, as a result, the investigation into Facebook’s U.S.-EU data transfers will move forward. The case arises from a complaint filed with the DPC in Ireland against Facebook by privacy activist Max Schrems in 2013 alleging that the company violated EU law when it transferred personal data to the U.S. (where the company is obliged to provide access to the government). The case has since been referred two separate times to the highest court in Europe (the CJEU), and has led to the invalidation of both the U.S.-EU Safe Harbor Agreement and the U.S.-EU Privacy Shield Agreement. The CJEU in the Schrems II decision last year remanded the case to the Irish DPC to determine whether Facebook violated the law and whether it was necessary to block Facebook’s U.S.-EU data transfers. The DPC later issued a Preliminary Draft Decision to Facebook and laid out procedures for the inquiry. Both Facebook and Schrems challenged the DPC procedures. The DPC agreed in a settlement with Schrems that it would complete the investigation into his original complaint. The Irish High Court today rejected Facebook’s challenge to the DPC inquiry, and both the Schrems complaint and this new DPC inquiry against Facebook will move forward. EPIC participated as an amicus curiae in Schrems II, arguing that U.S. surveillance law does not provide adequate privacy protections or remedies for non-U.S. persons abroad. (May. 14, 2021)
- Lawmakers Call on Facebook to Reverse WhatsApp Terms of Service Update (May. 11, 2021)
- State AGs Push Back Against Facebook’s Plan to Launch Instagram for Children (May. 11, 2021)
- Facebook Breach Exposes Personal Data of Over 500 Million Users (Apr. 6, 2021)
- WhatsApp Policy Change Highlights Privacy Risks EPIC Warned of in Facebook Acquisition (Jan. 15, 2021)
- BREAKING: 48 States and U.S. Sue Facebook Seeking to End Illegal Monopoly (Dec. 9, 2020)
- House Judiciary Committee Reports on Competition in Digital Markets (Oct. 6, 2020)
- Facebook Integrates Instagram and Messenger (Oct. 1, 2020)
- Facebook to be Ordered to Stop Sending EU Data to U.S. (Sep. 10, 2020)
- Germany’s Highest Court Rules Facebook Illegally Combines Users’ Data, Abusing Its Market Dominance (Jun. 24, 2020)
- Court Approves FTC-Facebook Deal, But Says Data Protection Laws Need Updating (Apr. 24, 2020)
- Appeals Court Greenlights Privacy Suit Over Facebook’s Invasive Web Tracking (Apr. 9, 2020)
- EPIC Celebrates Sunshine Week with 2020 FOIA Gallery (Mar. 16, 2020)
- Appeals Court Affirms Consumer Rights to Facebook Suit, But Upholds Ineffective Settlement (Mar. 3, 2020)
- FTC Publishes Privacy and Data Security Update (Feb. 27, 2020)
- FTC to Investigate Prior Big Tech Acquisitions (Feb. 12, 2020)
- “A Big Victory for Privacy Groups” – Facebook Settlement (Jan. 30, 2020)
- Supreme Court Declines to Review Facebook Face Scan Case (Jan. 21, 2020)
- Facing Growing Criticism, Facebook Reverses Decision to Sell Ads in WhatsApp (Jan. 21, 2020)
- Facebook Announces Deepfakes Ban (Jan. 7, 2020)
- Facebook Admits to Location Tracking, Ignoring Privacy Settings (Dec. 17, 2019)
- FTC May Block Facebook Integration of WhatsApp User Data (Dec. 17, 2019)
- Court Seeks Amicus Briefs in FTC-Facebook Settlement (Dec. 16, 2019)
- BREAKING: Court Orders FTC and Facebook to Reply to EPIC’s Brief (Dec. 10, 2019)
- FTC Announces Non-Penalty in Cambridge Analytica Case (Dec. 7, 2019)
- Facebook Asks Supreme Court to Review Face Scan Decision (Dec. 5, 2019)
- EPIC’s Rotenberg Calls For End to Facebook Political Ads (Nov. 7, 2019)
- EPIC on Libra: “Facebook clearly cannot be trusted with consumers’ financial data” (Oct. 23, 2019)
- Ninth Circuit Leaves in Place Case that Allows Users to Sue Facebook for Face-Scans (Oct. 23, 2019)
- EPIC to Congress: Consumers Must Be Protected in Merger Reviews (Oct. 18, 2019)
- Senator Cantwell to FTC: Settlement Lets Facebook “Off the Hook” (Oct. 15, 2019)
- EPIC to Congress: 29,000 Facebook Complaints Pending at FTC (Sep. 25, 2019)
- EPIC Uncovers 3,156 More Facebook Complaints at FTC—Over 29,000 Now Pending (Sep. 22, 2019)
- Facebook Changes Default Setting on Facial Recognition, Following EPIC’s 2011 Recommendation (Sep. 4, 2019)
- EPIC Says FTC Responsible for Cambridge Analytica (Sep. 3, 2019)
- Court Grants Facebook’s Motion to Intervene in EPIC v. FTC (Aug. 28, 2019)
- Gallup Poll: Americans Divided on Regulation for Big Tech Firms (Aug. 22, 2019)
- Facebook Faces More Civil Rights Lawsuits (Aug. 20, 2019)
- EPIC Pursues Intervention in FTC Facebook Case (Aug. 12, 2019)
- Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition (Aug. 8, 2019)
- Government Seeks to Block EPIC Intervention in Facebook Case (Aug. 5, 2019)
- International DPAs Raise Concerns About Facebook and Libra (Aug. 5, 2019)
- Top European Court Rules Companies Using Facebook “Like” Button Are Responsible for User Privacy (Jul. 29, 2019)
- EPIC Challenges FTC-Facebook Settlement, Asks Court to Hear from Privacy Groups (Jul. 26, 2019)
- EPIC Seeks Consumer Complaints about Facebook Pending Before FTC Prior to Settlement Agreement (Jul. 25, 2019)
- FTC Opens Antitrust Investigation of Facebook (Jul. 25, 2019)
- BREAKING – FTC Issues Facebook Fine, EPIC – “Too little, too late.” (Jul. 24, 2019)
- EPIC Urges Antitrust Agencies to Raise their Game (Jul. 18, 2019)
- BREAKING – EPIC Seeks Public Release of FTC Settlement with Facebook (Jul. 15, 2019)
- EPIC on Libra: “Facebook Clearly Cannot be Trusted With Consumers’ Financial Data” (Jul. 15, 2019)
- WSJ Reports that FTC Agrees to $5B Fine Against Facebook (Jul. 12, 2019)
- EPIC FOIA – FTC Enforcement Director Participated in Over 100 Meetings About Facebook Post-Cambridge Analytica (Jul. 11, 2019)
- EPIC to Discuss US Surveillance before Top European Court (Jul. 8, 2019)
- EPIC, Coalition Oppose Facebook Libra Plan (Jul. 3, 2019)
- EPIC Opposes Facebook’s Intervention in FOIA Case for Release of FTC’s Facebook Audits (Jun. 17, 2019)
- With Complaints Against Facebook Piling Up, FTC Goes After Small Businesses (Jun. 14, 2019)
- As State AGs Gather at FTC Event, Still No Action on Facebook (Jun. 11, 2019)
- Court Rules D.C. Attorney General’s Lawsuit Against Facebook Will Proceed (Jun. 3, 2019)
- Facebook Loses Appeal to Halt European High Court Review of EU-U.S. Data Transfer (May. 31, 2019)
- EPIC Seeks Memos from FTC Enforcement Director About Inaction on Facebook Consent Order (May. 30, 2019)
- New Report on the FTC’s Big Tech Revolving Door Problem (May. 23, 2019)
- EPIC to Congress: FTC Has Failed to Protect Privacy, New Data Protection Agency Urgently Needed (May. 6, 2019)
- Facebook Anticipates $3B-$5B Fine (Apr. 26, 2019)
- EPIC tells FTC, “Enforcement is a measure of success” (Apr. 16, 2019)
- EPIC FOIA – FTC Confirms Number of Pending Facebook Complaints, Doubling Every Two Years (Apr. 3, 2019)
- EPIC FOIA – FTC Confirms More than 25,000 Facebook Complaints are Pending (Mar. 27, 2019)
- Senators Introduce Facial Recognition Privacy Act (Mar. 21, 2019)
- Rep. Cicilline: FTC Must Investigate Facebook’s Antitrust Violations (Mar. 19, 2019)
- Press Conference: Facebook, Privacy, and the Consent Order (Capitol Hill, March 19) (Mar. 18, 2019)
- EPIC Seeks from FTC All Consumer Complaints about Facebook (Mar. 18, 2019)
- Senator Hawley Says FTC Approach to Big Tech is “Toothless” (Mar. 11, 2019)
- Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers (Mar. 7, 2019)
- EPIC Launches #EnforceTheOrder, Urges FTC Action on Facebook (Mar. 5, 2019)
- FTC Announces Task Force on Competition in Tech (Feb. 26, 2019)
- UK Report Faults FTC Failure to Enforce Facebook Order (Feb. 20, 2019)
- German Competition Authorities Impose Restrictions on Facebook for Privacy Violations (Feb. 7, 2019)
- EPIC Joins Statement to Facebook, End Messenger for Kids (Jan. 30, 2019)
- EU Receives 95,000 Privacy Complaints, Still No News from US FTC on Facebook Case (Jan. 28, 2019)
- During Government Shut Down, Facebook Moves to Integrate WhatsApp User Data (Jan. 25, 2019)
- EPIC, Open Markets, Civil Rights Groups Press FTC on Facebook Consent Order (Jan. 23, 2019)
- Senators Urge FTC to Act Against Facebook (Jan. 18, 2019)
- Supreme Court to Consider Open Government and Fourth Amendment in 2019 (Jan. 11, 2019)
- D.C. Attorney General Sues Facebook (Dec. 20, 2018)
- Facebook Gave Personal Data to Third Parties Without Consent in Violation of FTC Consent Order (Dec. 20, 2018)
- EPIC Amicus: Unlawful Collection of Biometric Data Establishes Standing (Dec. 18, 2018)
- Irish Court Finds Data Retention Law Violates Human Rights (Dec. 11, 2018)
- In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites (Dec. 7, 2018)
- Facebook Documents Raise New Questions About Consent Order Compliance (Dec. 6, 2018)
- EPIC Urges Senate To Examine FTC’s Failure to Enforce Facebook Consent Order, Unwind WhatsApp Deal (Nov. 26, 2018)
- EPIC Challenges FTC’s Withholdings of Records Regarding Irish Audits of Facebook (Nov. 21, 2018)
- UK Privacy Commissioner Releases Report on Data Analytics and Political Campaigns (Nov. 7, 2018)
- EPIC v. FTC: EPIC Obtains Facebook-FTC Emails About 2011 Consent Order (Oct. 19, 2018)
- EPIC v. FTC: EPIC Obtains Emails about Facebook Audits (Oct. 15, 2018)
- Consumer and Privacy Organizations Propose Framework for U.S. Data Protection (Oct. 9, 2018)
- FTC to Explore Competition and Consumer Protection Issues at Hearings this Week (Sep. 12, 2018)
- EPIC FOIA: EPIC Obtains Facebook Privacy Documents (Sep. 12, 2018)
- Pew Research Surveys: Americans Have Complicated Relationship with Facebook (Sep. 6, 2018)
- FTC Chair Seeks New Privacy and Data Security Authority (Jul. 18, 2018)
- For House Hearing, EPIC Urges FTC to Unwind WhatsApp Deal, Enforce Facebook Consent Order (Jul. 17, 2018)
- EPIC Asks FTC and EDPB to Suspend Transfer of Facebook User Data to Social Science One (Jul. 13, 2018)
- EPIC to European Data Protection Board: GDPR Certifications Should Uphold Rights Above Privacy Seals (Jul. 12, 2018)
- UK Data Watchdog Fines Facebook Maximum £500,000 for Cambridge Analytica Breach (Jul. 11, 2018)
- FTC Announces Another Privacy Settlement, But Again Imposes No Penalties (Jul. 2, 2018)
- Facebook’s Response to Congress Provides More Evidence of Consent Order Violations (Jul. 2, 2018)
- EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices (Jun. 27, 2018)
- In EPIC FOIA Case, FTC Releases New Information from Facebook Audits (Jun. 26, 2018)
- At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order (Jun. 19, 2018)
- EPIC Urges Senate Committee to Focus on Consent Order with Facebook (Jun. 19, 2018)
- European Civil Liberties Committee: ‘Privacy Shield’ Should Be Suspended (Jun. 12, 2018)
- Facebook Overrode Users’ Privacy Settings And Allowed Device Makers To Access Personal Data (Jun. 5, 2018)
- EPIC To Senate Judiciary: Privacy Is Integral to Democracy (May. 15, 2018)
- EPIC Seeks Records from FTC Regarding Irish Audits of Facebook (May. 11, 2018)
- Facebook Denied Attempt to Delay Review of EU-US Personal Data Transfers (May. 3, 2018)
- Supreme Court To Review Fairness of Cy Pres Awards In Class Action Settlements (Apr. 30, 2018)
- EPIC Sues FTC for Release of Facebook’s Audits (Apr. 20, 2018)
- EPIC Obtains Partial Release of 2017 Facebook Audit (Apr. 20, 2018)
- Senator Blumenthal Calls On FTC To Enforce Consent Order Against Facebook (Apr. 20, 2018)
- Latin American Consumer Groups Urge Facebook to Comply with GDPR in All Countries (Apr. 19, 2018)
- European Court of Justice Receives Key Questions on Future of EU-US Personal Data Transfers (Apr. 12, 2018)
- Zuckerberg Confirms Global Compliance with GDPR (Apr. 11, 2018)
- US and European Consumer Groups Urge Mark Zuckerberg to Comply with GDPR in All Countries (Apr. 9, 2018)
- EPIC Provides U.S. Report for Privacy Experts Meeting (Apr. 9, 2018)
- EPIC Urges Senate to Focus on FTC Consent Order with Facebook (Apr. 9, 2018)
- EPIC Comments to UN Highlight Privacy Flaws in US Surveillance, Consumer Protection (Apr. 6, 2018)
- UPDATE – EPIC, Consumer Groups Urge FTC to Investigate Facebook’s Use of Facial Recognition (Apr. 6, 2018)
- EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook’s Use of Facial Recognition (Apr. 5, 2018)
- EPIC, Coalition Call On Facebook to Stop Electioneering (Mar. 28, 2018)
- State AGs Launch Facebook Investigation (Mar. 26, 2018)
- FTC Confirms Investigation Into Facebook about 2011 Consent Order (Mar. 26, 2018)
- EPIC FOIAs FTC, Seeks Facebook’s Privacy Assessments (Mar. 20, 2018)
- EPIC, Consumer Groups Urge FTC To Investigate Facebook (Mar. 20, 2018)
- Facebook “Breach” Highlights Failure of FTC to Enforce Consent Orders (Mar. 19, 2018)
- U.K. Blocks WhatsApp From Transferring Data to Facebook (Mar. 14, 2018)
- Axios Poll: Public Wants Big Tech Regulated (Feb. 28, 2018)
- Court Rules that Users have Standing to Sue Facebook about Facial Recognition (Feb. 27, 2018)
- EPIC Challenges Facebook Privacy Settlement (Feb. 2, 2018)
- EPIC Joins Consumer and Health Groups, Urges Facebook to Scrap ‘Messenger Kids’ (Jan. 30, 2018)
- European Court of Justice Grants Standing to Privacy Advocate But Bars Class Action under Austrian Law (Jan. 30, 2018)
- European Court Adviser Says Facebook Privacy Class Action Barred (Nov. 15, 2017)
- European Privacy Experts Press WhatsApp on Data Practices (Oct. 27, 2017)
- EPIC Urges FTC To Strengthen Privacy Settlement With Uber (Sep. 15, 2017)
- EPIC Urges Public Comments on FTC Settlement with Uber (Sep. 6, 2017)
- Following EPIC Complaint, Uber Agrees To Stop Tracking Riders (Aug. 29, 2017)
- After EPIC Privacy Complaint, Uber Settles with FTC (Aug. 15, 2017)
- News Report: FTC to Act on EPIC’s Uber Complaint (Jun. 15, 2017)
- German Court Blocks Facebook’s Efforts to Obtain WhatsApp User Data (Apr. 27, 2017)
- European Privacy Officials Raise Concerns About US Immigration Executive Order (Feb. 22, 2017)
- UK Information Commissioner Suspends WhatsApp Data Transfer to Facebook (Nov. 8, 2016)
- Supreme Court Won’t Review Privacy Violations by Facebook, Google (Oct. 4, 2016)
- Germany Prohibits WhatsApp Data Transfer to Facebook (Sep. 27, 2016)
- European Commission Begins Investigation of WhatsApp Privacy About-Face (Sep. 13, 2016)
- EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act (Aug. 29, 2016)
- Facebook to Collect WhatsApp User Data, Violating FTC Order and Privacy Promises (Aug. 25, 2016)
- Federal Court Upholds Photo Tagging Suit Against Facebook (May. 8, 2016)
- Court Upholds Facebook Settlement, Allows Continued Use of Kids’ Images in Ads (Jan. 14, 2016)
- FTC Issues Enforcement Policy Statement on Deceptive “Native” Advertising (Dec. 22, 2015)
- European Court of Justice Hears Case Challenging “Safe Harbor” Agreement and NSA Spying (Mar. 24, 2015)
- EPIC Files Comments with FTC on Merger Review and Consumer Privacy (Mar. 18, 2015)
- With New Policy Changes, Facebook Tracks Users Across the Web (Feb. 4, 2015)
- Senators Challenge Verizon’s Secret Mobile Tracking Program (Jan. 30, 2015)
- Post-Snowden, Social Media Users Concerned About Access to Personal Data (Nov. 13, 2014)
- European Facebook Users Privacy Lawsuit Moves Forward (Aug. 26, 2014)
- EPIC, Consumer Groups Challenge Facebook on Web Snooping (Jul. 29, 2014)
- Following EPIC Complaint, Senator Seeks Investigation of Facebook User Manipulation Study (Jul. 17, 2014)
- EPIC Challenges Facebook’s Manipulation of Users, Files FTC Complaint (Jul. 3, 2014)
- FTC Releases 2014 Data Security Update, But Enforcement Questions Remain (Jul. 1, 2014)
- Facebook to Profile User Browsing, May Violate FTC Consent Order (Jun. 12, 2014)
- Privacy Case Moves Forward Against Facebook and Zynga (May. 9, 2014)
- Facebook Introduces New Privacy Features (May. 1, 2014)
- EPIC Obtains Documents About FTC’s Facebook Investigation (Apr. 16, 2014)
- Federal Trade Commission Backs Users in Facebook Privacy Case (Mar. 21, 2014)
- Facebook Removes Crucial Privacy Setting for Users’ Names (Oct. 11, 2013)
- Pressure Mounts on Facebook to Withdraw Proposed Changes, New Scrutiny of “Faceprints” (Sep. 13, 2013)
- EPIC, Privacy Groups, Urge FTC to Block Facebook Policy Changes (Sep. 5, 2013)
- EPIC Pursues Public Release of Facebook and MySpace Privacy Reports (Apr. 26, 2013)
- Court Denies Appeal in Cy Pres Matter Over Objection that Settlement Fails to Provide Relief to Class Members (Feb. 28, 2013)
- Instagram Retreats on Changes to Terms of Service, Cites User Opposition (Dec. 21, 2012)
- Instagram Privacy Change Raises Legal Questions (Dec. 18, 2012)
- Facebook Updates Privacy Controls, Removes Profiles Safeguard (Dec. 13, 2012)
- EPIC Urges Vote for EXISTING Facebook Documents (Dec. 4, 2012)
- Privacy Groups Ask Facebook to Withdraw Proposed Changes (Nov. 26, 2012)
- Consumer Groups Ask FTC to Investigate Facebook-Datalogix Data-Matching Arrangement (Sep. 27, 2012)
- Facebook Ceases Facial Recognition in European Union (Sep. 21, 2012)
- Judge Rejects Settlement in Facebook “Sponsored Stories” Case (Aug. 21, 2012)
- FTC Finalizes Settlement with Facebook (Aug. 10, 2012)
- Judge Skeptical of Facebook Settlement (Aug. 3, 2012)
- Illinois Becomes Third State to Prohibit Employers from Demanding Facebook Information (Aug. 2, 2012)
- EPIC Objects to Facebook Settlement, Cites Failure to Benefit Class Members (Jul. 13, 2012)
- EPIC Calls On FTC to Investigate Facebook Email Changes (Jun. 27, 2012)
- Facebook Acquires Facial Recognition Company Face.com (Jun. 20, 2012)
- Facebook Users Force Vote on Privacy Changes (May. 22, 2012)
- Following Maryland, Congress and California Consider Bills Banning Employers From Asking for Facebook Passwords (May. 1, 2012)
- Facebook Asks for Feedback after Policy Changes (Apr. 23, 2012)
- Facebook Offers Revised “Download Your Information” Option (Apr. 12, 2012)
- Maryland Passes Bill Banning Employers from Demanding Facebook Information (Apr. 11, 2012)
- Senators Call for Investigation into Employer Demands for Facebook Passwords (Mar. 26, 2012)
- Facebook Policy Changes Raises Questions About Compliance with 2011 Consent Order (Mar. 23, 2012)
- Pew Study: Social Media Users Active in Protecting Privacy (Feb. 27, 2012)
- EPIC Calls for Moratorium on Facial Recognition Technology (Feb. 1, 2012)
- EPIC Urges FTC Investigation into Facebook Timeline (Dec. 28, 2011)
- EPIC Submits Comments on FTC Facebook Privacy Settlement (Dec. 28, 2011)
- EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter (Dec. 20, 2011)
- Facebook Timeline Changes User Privacy Settings. Again. (Dec. 15, 2011)
- EPIC Launches Campaign Urging Public Comment on Facebook Privacy Settlement (Dec. 13, 2011)
- Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint (Nov. 29, 2011)
- Federal Trade Commission to Announce Settlement in EPIC Facebook Privacy Complaint (Nov. 29, 2011)
- FTC Publishes Performance Report (Nov. 22, 2011)
- WSJ: Facebook Close to Settlement with FTC over EPIC Complaint (Nov. 10, 2011)
- Congress, #KWTK Presses Facebook to Disclose Secret Profiles (Oct. 31, 2011)
- Sen. Rockefeller Requests FTC Report on Facial Recognition Technology (Oct. 20, 2011)
- EPIC-Led Coalition Calls for FTC Facebook Investigation (Sep. 29, 2011)
- FTC Announces Workshop on Facial Recognition Technology (Sep. 20, 2011)
- Facebook Makes Some Changes, Privacy Complaints Still Pending (Aug. 29, 2011)
- Facebook Makes Changes to Facial Recognition; Still Relying on Opt-Out (Jul. 27, 2011)
- Congressman Markey Commends EPIC, Privacy Groups for Filing Facebook Complaint (Jun. 14, 2011)
- EPIC Files Complaint, Urges Investigation of Facebook’s Facial Recognition Techniques (Jun. 10, 2011)
- Facebook Resumes Plan to Disclose User Home Addresses and Mobile Phone Numbers (Mar. 2, 2011)
- Facebook Enables Full-Session Encryption (Feb. 7, 2011)
- Congressman Barton and Markey Challenge Facebook on Disclosure of Home Addresses, Mobile Phone Numbers (Feb. 2, 2011)
- Facebook Drops Plan to Disclose Users’ Home Addresses and Personal Phone Numbers (Jan. 18, 2011)
- Congressmen Question Facebook About Latest Privacy Breach (Oct. 20, 2010)
- Facebook Uses RFID to Track Users’ Locations for Advertising Promotion (Aug. 25, 2010)
- Facebook “Places” Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users (Aug. 19, 2010)
- EPIC to Urge Congress to Strengthen Privacy Laws for Facebook Users (Jul. 28, 2010)
- Facebook Scores Low on Consumer Satisfaction (Jul. 22, 2010)
- Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers (Jun. 24, 2010)
- Privacy Conference Attendees Set Out Social Networking Bill of Rights (Jun. 23, 2010)
- EPIC, Privacy Groups Recommend Further Changes for Facebook (Jun. 16, 2010)
- Privacy Issue Attracts Fire in California Attorney General Race (Jun. 7, 2010)
- Congress Pursues Investigation of Google and Facebook’s Business Practices (Jun. 1, 2010)
- Facebook Expected to Announce Privacy Changes (May. 25, 2010)
- New Facebook Privacy Complaint Filed with Trade Commission (May. 5, 2010)
- Senators Oppose Facebook Changes, Schumer Urges Trade Commission to Regulate Social Network Services (Apr. 27, 2010)
- Facebook’s Data Grab: New Policies Transfer Control of User Data to Facebook (Apr. 22, 2010)
- EPIC Recommends Effective Consumer Privacy Standards, Calls Notice and Choice a “Failed Experiment” (Mar. 17, 2010)
- Judge Waits to Decide on Proposed Settlement in Facebook Privacy Case (Mar. 1, 2010)
- Study Ranks Top 20 Companies for Privacy in 2010, Facebook Drops Off List (Feb. 26, 2010)
- Facebook Users Object to Beacon Settlement (Feb. 2, 2010)
- EPIC Urges FTC to Protect Users’ Privacy On Cloud Computing and Social Networking Services (Jan. 28, 2010)
- EPIC, Privacy Groups Oppose Facebook Settlement (Jan. 19, 2010)
- EPIC’s Facebook Complaint of “particular interest” to FTC (Jan. 19, 2010)
- Canadian Privacy Commission to Investigate Facebook (Jan. 19, 2010)
- Privacy Groups File Amended Complaint regarding Facebook (Jan. 14, 2010)
- EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission (Dec. 17, 2009)
- Facebook Asks Users to Review Privacy Settings, Recommends Privacy Options, Questions Remain (Dec. 9, 2009)
- Facebook to Drop Regional Networks, Change Privacy Settings (Dec. 4, 2009)
- EPIC Urges Court to Enforce Video Privacy Law (Nov. 4, 2009)
- Facebook to End Beacon, Establish Privacy Foundation (Sep. 22, 2009)
- Following Canadian Investigation, Facebook Upgrades Privacy (Aug. 28, 2009)
- Canadian Privacy Commissioner’s Deadline for Facebook Arrives, Some Changes are Made at the Social Network Company (Aug. 17, 2009)
- EPIC Forces Disclosure of Government Contracts with Social Media Companies, Privacy Terms Missing (Aug. 12, 2009)
- Canadian Privacy Commissioner Holds that Facebook Must Strengthen Privacy Safeguards (Jul. 16, 2009)
- Facebook to Change User Privacy Settings (Jul. 1, 2009)
- EPIC Seeks Government Agreements with Social Networking Companies (Apr. 30, 2009)
- Facebook Gets Ready to Adopt Terms of Service (Apr. 24, 2009)
- Facebook Seeks Vote on Site Governance (Apr. 20, 2009)
- Facebook Announces Governing Principles, Statement of Rights and Responsibilities (Feb. 26, 2009)
- On Eve of EPIC Trade Commission Complaint, Facebook Backs Down on Revised Terms of Service (Feb. 18, 2009)
In 2007, Facebook launched Facebook Beacon, a program that broadcast users’ private online purchases on their friends’ News Feeds. Users were given no advance warning of the program and initially could not opt out. After widespread criticism, Facebook shut down Beacon in 2009.
Beacon was similar to social ads in that it broadcast a user’s interaction with an advertiser to the feeds of that user’s friends. However, Beacon broadcast information from third-party websites such as Overstock.com or eBay. Facebook promised advertisers that all they need to do is “[a]dd 3 lines of code and reach millions of users.” The advertisers determined which user actions on their website — such as adding a movie to queue, or purchasing an item, or signing up for the site — would generate feed messages.
As originally designed, users were given a brief time-limited alert which gave them the ability to opt-out of each message. As launched, the application did not permit a global opt out and did not require an affirmative opt-in before each message was broadcast.
Following protests, Facebook added two user controls to Beacon. First, users would be asked to affirmatively opt in before a new site sent messages to their friends. Once they approved one message from that site, no further opt-ins were required. Second, CEO Mark Zuckerberg announced that Facebook would allow users to globally opt out of Beacon, preventing all message publication.
A security researcher published an examination of Beacon’s data flow, “Facebook’s Misrepresentation of Beacon’s Threat to Privacy: Tracking users who opt out or are not logged in.” The analysis showed that the Beacon system transmitted information from all users of the third-party site to Facebook, whether they were Facebook members, members who had opted out of Beacon ads, or people who had never been Facebook members. Facebook represented that it deletes the data if it cannot associate it with a Facebook member.
Facebook Beacon resulted in class action lawsuits. EPIC objected to a class action settlement that provided little monetary relief to the class while allowing Facebook to redirect settlement funds to a “Privacy Foundation” whose board would be chosen by Facebook. EPIC wrote, “[w]ith this structure, the proposed Privacy Foundation will not be sufficiently independent of Facebook to serve as an effective tool for consumer privacy protection.”
The objectors to that settlement petitioned the Supreme Court to reject it as unfair to class members. Although the Court declined to review the settlement, Chief Justice John Roberts wrote that the Supreme Court would eventually need to address “fundamental concerns” surrounding class action settlements, explaining that “[a]lthough Facebook promised to discontinue the ‘Beacon’ program itself … nothing in the settlement would preclude Facebook from reinstituting the same program with a new name.”
“Sponsored stories” involved Facebook’s use of individuals’ names and profile pictures to endorse commercial messages. If a user “liked” a page belonging to a commercial entity such as a company, brand, or organization, Facebook would automatically broadcast to the user’s friends, without the user’s consent, that they had “endorsed” that page.
Facebook users challenged Facebook’s appropriation of their name and likeness in a class action lawsuit, Fraley v. Facebook. Facebook attempted to settle the suit by allocating $10 million to various non-profit groups without providing actual compensation to class members. EPIC opposed the initial settlement on the grounds that the cy pres distribution would not benefit the class.
Although the court rejected the initial settlement in Fraley, the revised settlement still failed to adequately protect the privacy rights of Facebook users, particularly children. EPIC filed an amicus brief in the Ninth Circuit challenging the “deeply flawed” settlement, which permitted Facebook to “continue to engage in the conduct that was the basis for the initial lawsuit,” allowing Facebook “to violate the privacy laws of many states that seeks to limit the commercial exploitation of a child’s image.” In addition, the settlement allowed Facebook to “disregard its obligations to the FTC arising from an earlier consent order as well as advertising guidelines intended to narrow the circumstances for commercial endorsement.”
Between 2008 and 2010, Facebook enacted numerous changes that overrode users’ privacy settings and disclosed personal information which users had sought to keep private. These changes were the subject of complaints by EPIC and other organizations which ultimately led to a 2011 Consent Order by the FTC.
In May 2008, the Canadian Internet Policy and Public Interest Clinic filed a complaint with the Privacy Commissioner of Canada concerning the “unnecessary and non-consensual collection and use of personal information by Facebook.” In July 2009, the Privacy Commissioner’s Office found Facebook “in contravention” of Canada’s Personal Information Protection and Electronic Documents Act. The Privacy Commissioner’s Office found:
Facebook did not have adequate safeguards in place to prevent unauthorized access by application developers to users’ personal information, and furthermore was not doing enough to ensure that meaningful consent was obtained from individuals for the disclosure of their personal information to application developers.
In June 2008, EPIC President Marc Rotenberg testified on Capitol Hill in a hearing entitled “Impact and Policy Implications of Spyware on Consumers and Businesses.” Although the hearing concerned spyware, Rotenberg used the opportunity to address the emerging privacy threats from social networks, particularly Facebook:
Users of social networking sites are also exposed to the information collection practices of third party social networking applications. On Facebook, installing applications grants this third party application provider access to nearly all of a user’s information. Significantly, third party applications do not only access the information about a given user that has added the application. Applications by default get access to much of the information about that user’s friends and network members that the user can see.
In February 2009, Facebook changed its Terms of Service to enable it to use anything a user uploaded to the site for any purpose, at any time, even after the user deleted their account. Further, the TOS did not provide a way for users to completely close their accounts. Rather, users could “deactivate” their account, but all the information would be retained by Facebook rather than deleted.
EPIC planned to file a complaint with the FTC alleging that the changed TOS were unfair and deceptive in violation of the FTC Act. On February 18, 2009, on the eve of EPIC’s FTC complaint, Facebook backed down on its revised TOS, announcing that it would restore the original TOS.
In November 2009, Facebook changed its TOS again to greatly expand the amount of personal information available to the public. Facebook began treating the following categories of information as “publicly available”:
- Users’ names
- Profile photos
- Lists of friends
- Pages they are fans of
- Geographic regions
- Networks to which they belong
Facebook disclosed all this information to search engines by default. Facebook also made this information available to “every application and website, including those you have not connected with …” Facebook implemented these changes without obtaining consent from its users.
Facebook users opposed these privacy changes, organizing more than five hundred Facebook groups related to privacy settings. One such group, “Against The New Facebook Privacy Settings!”, had a simple message: “We demand that Facebook stop forcing people to reveal things they don’t feel comfortable revealing.”
On December 17, 2009, EPIC, along with nine other public interest organizations, filed a complaint with the FTC (In re Facebook) detailing how Facebook changed its privacy settings to begin disclosing information to third-party applications and the public which users had sought to keep private. Facebook implemented these changes without obtaining affirmative consent from its users or even giving them the ability to opt out.
This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, which adversely impact users of the Facebook service. Facebook’s changes to users’ privacy settings disclose personal information to the public that was previously restricted. Facebook’s changes to users’ privacy settings also disclose personal information to third parties that was previously not available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.
The complaint alleged that: 1) Facebook’s mandatory disclosure of information was an unfair practice, and 2) Facebook’s policies regarding third-party application developers were deceptive.
On January 14, 2010, EPIC and the organizations filed a supplemental complaint alleging additional unfair and deceptive practices by Facebook, including the company’s accessing of email passwords, its iPhone syncing practices, and misleading public statements. The supplemental complaint also presented statements by experts in support of the allegations in the original complaint.
On November 29, 2011, the FTC announced that Facebook had settled charges that it deceived users by failing to keep its privacy promises. The FTC’s eight-count complaint against Facebook alleged that:
- In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
- Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.
The FTC credited EPIC with providing the factual basis for its complaint against Facebook. The Commission stated, “Facebook’s privacy practices were the subject of complaints filed with the FTC by the Electronic Privacy Information Center and a coalition of consumer groups.”
Under the settlement, Facebook was:
- barred from making misrepresentations about the privacy or security of consumers’ personal information;
- required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
In addition, Part II of the Consent Order required Facebook to “give its users a clear and prominent notice and obtain their affirmative express consent before sharing their previously-collected information with third parties in any way that materially exceeds the restrictions imposed by their privacy settings.” (See: Analysis of Proposed Consent Order To Aid Public Comment)
On December 27, 2011, EPIC submitted public comments urging the FTC to strengthen its proposed settlement. Specifically, EPIC recommended that the FTC require Facebook to:
- Allow users to access all of the data that Facebook keeps about them;
- Cease creating facial recognition profiles without users’ affirmative consent;
- Make Facebook’s privacy audits publicly available to the greatest extent possible;
- Cease secret post-log out tracking of users across websites.
In a separate letter, EPIC also asked the Commission to determine whether Facebook’s Timeline, which made archived and inaccessible information widely available without the consent of the user, was consistent with the terms of the Order.
On August 10, 2012, the FTC adopted a Final Order against Facebook without any modifications.
Between 2012 and 2018, the FTC failed to enforce its Consent Order against Facebook even once, despite numerous complaints.
On July 3, 2014, EPIC filed a complaint with the FTC alleging that Facebook “altered the News Feeds of Facebook users to elicit positive and negative emotional responses.” Facebook teamed up with researchers at Cornell University and the University of California, San Francisco to conduct a psychological experiment by exposing one group of users to positive emotional content and another group of users to negative emotional content in their News Feeds to determine whether users would alter their own posting behavior.
The study found that “emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness.” The study, entitled “Experimental evidence of massive-scale emotional contagion through social networks,” was published on June 17, 2014 in the scientific journal Proceedings of the National Academy of Sciences (PNAS).
EPIC alleged that the researchers who conducted the study “failed to follow standard ethical protocols for human subject research.” EPIC further alleged that Facebook engaged in unfair and deceptive practices in violation of Section 5 of the FTC Act by not informing users that they were potentially subject to behavioral testing. Finally, EPIC alleged that Facebook’s psychological study violated the 2011 FTC Consent Order by misrepresenting its data collection practices.
In 2014, Facebook acquired the text-messaging application WhatsApp. WhatsApp attracted users in part because of its privacy commitments. WhatsApp’s founder Jan Koum stated in 2009 that, “[w]e have not, we do not, and we will not sell your personal information to anyone.” Immediately after announcing the proposed deal, Koum assured users that nothing would change regarding the company’s practices, explaining that WhatsApp would “remain autonomous and operate independently.”
EPIC and the Center for Digital Democracy filed a complaint with the FTC urging the Commission to block Facebook’s acquisition of WhatsApp unless adequate privacy safeguards were established. As the groups explained:
WhatsApp built a user base based on its commitment not to collect user data for advertising revenue. Acting in reliance on WhatsApp representations, Internet users provided detailed personal information to the company including private text to close friends. Facebook routinely makes use of user information for advertising purposes and has made clear that it intends to incorporate the data of WhatsApp users into the user profiling business model. The proposed acquisition will therefore violate WhatsApp users’ understanding of their exposure to online advertising and constitutes an unfair and deceptive trade practice, subject to investigation by the Federal Trade Commission.
EPIC and CDD filed a supplemental complaint providing more evidence of WhatsApp users’ objections to the acquisition and to highlight the importance of the FTC’s pre-merger review process.
In response to EPIC and CDD’s complaints, the FTC sent a letter to Facebook and WhatsApp notifying the companies of their obligations to honor their privacy promises. The letter explained that the failure to obtain users’ opt-in consent before changing WhatsApp’s business practices would constitute an unfair and deceptive trade practice and may also violate the FTC’s 2012 Consent Order with Facebook.
Then in 2016, WhatsApp announced its plans to transfer users’ personal information to Facebook, including their phone numbers, for Facebook to use for targeted advertising. As the announcement stated, “by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads.” WhatsApp did not get users’ opt-in consent for this change in business practice. Rather, users were required to opt-out within 30 days.
EPIC and CDD immediately filed a complaint with the FTC in response to this proposed data transfer, charging that WhatsApp’s policy change violated Section 5 of the FTC Act. EPIC and CDD urged the FTC to investigate and enjoin the proposed transfer of WhatsApp users’ data to Facebook. The FTC responded to EPIC’s complaint with a letter stating that Commission staff will “carefully review” the filing. As of April 2018, the FTC has not announced any further action.
EPIC has repeatedly emphasized that the FTC must use its antitrust authority to block mergers that threaten user privacy. In a statement to the Senate Judiciary Committee in December 2017, EPIC stated that “[t]he risks to consumer privacy and data security posed by mergers and acquisitions cannot be overstated. When companies merge, they combine not only their products, services, and finances, but also their vast troves of personal data.” In 2015, EPIC called out the FTC for its refusal to stop mergers that threatened consumer privacy, stating “[i]n every instance, it was clear that the practical consequences of the merger would be to reduce the privacy protections for consumers and expose individuals to enhanced tracking and profiling. The failure of the FTC to take this into account during merger review is one of the main reasons consumer privacy in the United States has diminished significantly over the last 15 years.” The Facebook-WhatsApp merger is just one example of how the FTC’s inaction on antitrust has eroded consumer privacy.
In March 2018, news broke that Facebook had allowed Cambridge Analytica, a political data mining firm associated with the Trump campaign, to access personal information on 87 million Facebook users. EPIC and a coalition of consumer organizations immediately wrote a letter to the FTC urging it to investigate this unprecedented disclosure of personal data. The groups made clear that by exposing users’ personal data without their knowledge or consent, Facebook had violated the 2011 Consent Order with the FTC, which made it unlawful for Facebook to disclose user data without affirmative consent. The groups wrote that, “The FTC’s failure to enforce its order has resulted in the unlawful transfer of  million user records … [i]t is unconscionable that the FTC allowed this unprecedented disclosure of Americans’ personal data to occur. The FTC’s failure to act imperils not only privacy but democracy as well.” On March 26, 2018, the FTC confirmed that it was investigating Facebook.
EPIC also submitted an urgent FOIA request to the FTC following the Cambridge Analytica revelations. The request sought all the privacy assessments required by the FTC’s 2011 Order and all communications between the FTC and Facebook regarding those privacy assessments. In emphasizing the urgency of the request, EPIC stated that, “[t]he FTC’s failure to enforce the 2011 Consent Order has not only jeopardized consumer privacy but has allowed a controversial firm to interfere in the 2016 presidential election.” Following the FTC’s release of heavily redacted versions of the assessments, EPIC filed a Freedom of Information Act lawsuit to obtain the full, unredacted reports from the FTC.
Beginning in 2008, EPIC warned of the exact problem that led to the Cambridge Analytica scandal. In Senate testimony in 2008, EPIC President Marc Rotenberg stated that, “on Facebook … third party applications do not only access the information about a given user that has added the application. Applications by default get access to much of the information about that user’s friends.” In EPIC’s 2009 FTC Complaint against Facebook, which led to the FTC’s 2011 Order, EPIC warned that, “the Facebook Platform transfers Facebook users’ personal data to application developers without users’ knowledge or consent.”
In the wake of the Cambridge Analytica revelations, Congress called Mark Zuckerberg to testify at a hearing on Facebook’s failure to protect user data. EPIC sent a comprehensive statement to the Senate Judiciary Committee and Senate Commerce Committee ahead of the hearing, urging the Senate to focus on the 2011 Consent Order between Facebook and the FTC. EPIC told the Senate that, “our assessment is that the Cambridge Analytica breach, as well as a range of threats to consumer privacy and democratic institutions, could have been prevented if the Commission had enforced the Order.”
Facebook’s failure to protect the user data obtained by Cambridge Analytica violated the 2011 Consent Order in several ways. First, Facebook’s conduct violated Section I of the Order, which prohibited the company from misrepresenting any of its privacy settings. The FTC evaluates misrepresentations based on what consumers reasonably understand. In its Complaint, the FTC found that Facebook had misrepresented the extent of access that third-party apps had to user data. After the Order went into effect, Facebook continued to grant third-party apps the same level of access to user data as it had before, without ever correcting its misrepresentation. GSR, the company that transferred data to Cambridge Analytica, acquired its data from Facebook in June 2014, two years after the Order went into effect. Moreover, Facebook actually admitted in 2014 that users did not understand that third-party apps had access to data on a user’s friends.
Second, Facebook violated Section II of the Order, which required Facebook to obtain affirmative express consent and give its users clear and prominent notice before disclosing their previously-collected information to third parties in a way that exceeds the restrictions imposed by their privacy settings. As the FTC found, Facebook granted third-party apps access to user data by overriding users’ privacy settings. After the Order went into effect, Facebook never clearly and prominently disclosed this practice to users and did not retroactively seek users’ express affirmative consent to continue disclosing their previously-collected data to third-party apps.
Third, Facebook was required under Section IV of the Order to establish a “comprehensive privacy program” that would: “(1) address privacy risks related to the development and management of new and existing products and services, and (2) protect the privacy and confidentiality of covered information.” This privacy program had to be designed to prevent “unauthorized collection, use, or disclosure of covered information.” But in 2018, Facebook admitted in testimony before US and British lawmakers that it failed to read the terms and conditions of the GSR app which sold the data to Cambridge Analytica. In a letter to the FTC, Senator Richard Blumenthal (D-CT) wrote that “The Cambridge Analytica revelations demonstrate that Facebook continued to turn a blind eye to third-party apps despite the FTC mandated privacy program.”
On April 6, 2018, EPIC and a coalition of consumer privacy organizations filed a complaint with the Federal Trade Commission charging that Facebook’s facial recognition practice lacked privacy safeguards and violated the 2011 Consent Order with the Commission.
Under the 2011 Consent Order, Facebook is prohibited from misrepresenting the privacy or security of “covered information” – broadly defined to include “photos and videos.” The Order also requires Facebook to “give its users a clear and prominent notice and obtain their affirmative express consent” before disclosing previously-collected information.
Facebook’s facial recognition practice violated those provisions of the FTC Consent Order. In early 2018, Facebook began routinely scanning photos, posted by users, for biometric facial matches without the consent of either the image subject or the person who uploaded the photo. EPIC and consumer groups emphasized that “the scanning of facial images without express, affirmative consent is unlawful and must be enjoined.”
EPIC and the groups asked the FTC to investigate Facebook, determine the extent of the harm to consumer privacy and safety, require Facebook to cease the collection and use of users’ biometric data without their affirmative and express opt-in consent, prohibit the deployment of further facial recognition techniques, delete all facial templates and biometric identifiers wrongly obtained, establish appropriate security safeguards, limit the disclosure of user information to third parties, and seek appropriate injunctive and compensatory relief.
The following organizations signed onto the complaint:
- Electronic Privacy Information Center
- Campaign for a Commercial Free Childhood
- Center for Digital Democracy
- Constitutional Alliance
- Consumer Action
- Consumer Federation of America
- Consumer Watchdog
- Cyber Privacy Project
- Defending Rights & Dissent
- Government Accountability Project
- Patient Privacy Rights
- Southern Poverty Law Center
- U.S. Public Interest Research Group
The 2018 complaint follows EPIC’s 2011 FTC complaint against Facebook’s use of facial recognition. EPIC, CDD, Consumer Watchdog and Privacy Rights Clearinghouse alleged that Facebook began collecting users’ biometric data without their knowledge or consent when it implemented “Tag Suggestions” in 2011. The complaint asked the FTC to enjoin Facebook’s use of facial recognition until appropriate safeguards could be established. The Commission ultimately failed to act on the complaint.
Facebook has also faced class action litigation regarding its use of facial recognition technology.
In 2011, EPIC submitted comments to the FTC urging the Commission to change its proposed settlement to “require that Facebook cease secret post-log out tracking of users across websites.” EPIC warned that Facebook was using cookies not only to track users while they were logged in to Facebook, but that it was also using persistent cookies to continue tracking users after they had logged out of the platform.
- EPIC FTC Complaint In re Facebook (filed Dec. 17, 2009)
- EPIC FTC Supplemental Complaint In re Facebook (filed Jan. 14, 2010)
- FTC Complaint In the Matter of Facebook, Inc., FTC File No. 092-3184 (Nov. 29, 2011)
- FTC Press Release Announcing Proposed Consent Order (Nov. 29, 2011)
- FTC Analysis of Proposed Consent Order to Aid in Public Comment
- EPIC Comments on Proposed Consent Order (Dec. 27, 2011)
- FTC Decision and Order (Aug. 10, 2012)
- EPIC Letter to FTC Urging Investigation into Facebook (Mar. 20, 2018)
- EPIC Statement to Senate Judiciary Committee and Senate Commerce Committee, “Facebook, Social Media, Privacy, and the Use and Abuse of Data” (April 9, 2018)
- In re Facebook – Cambridge Analytica
- Facebook’s 2011 FTC Consent Order
- EPIC – In re Facebook and Facial Recognition (2018)
- EPIC – In re Facebook
- EPIC – In re Facebook II
- EPIC – In re WhatsApp
- EPIC – In re Facebook (Psychological Study)
- Facebook receives backlash over ‘Instagram for Kids’, Mint Lounge, May 11, 2021
- Facebook urged to scrap Instagram for children plans, BBC, April 15, 2021
- FTC ripped for blacking out Facebook’s privacy report, Global Data Review, March 3, 2021
- Bipartisanship Works in State Attorneys General Lawsuits Against Big Tech’s Google and Facebook, ConnPIRG, February 8, 2021
- Facebook Promises Privacy Reform. Critics Aren’t Convinced, WIRED, October 23, 2020
- Judge Cautions Facebook in Approving Record $5B Fine for Alleged Privacy Violations, Law.com, April 24, 2020
- Australia Latest To Hit Facebook Over Data Sharing Scandal, Law360, March 10, 2020
- Court Upholds Facebook Privacy Settlement Over Message Scanning, MediaPost, March 4, 2020
- A Privacy Violation Is a Concrete Injury, Ninth Circuit Underlines in Facebook Settlement Over Private Message Probes, Law.com, March 3, 2020
- This breast cancer advocate says she discovered a Facebook flaw that put the health data of millions at risk, FOX4KC, March 2, 2020
- This breast cancer advocate says she discovered a Facebook flaw that put the health data of millions at risk, CNN, March 1, 2020
- Boeing, Off-Facebook Activity, Car Chases, BYU Radio, February 19, 2020
- Facebook Delivers Long-Awaited Trove of Data to Outside Researchers, Wall Street Journal, February 13, 2020
- Facebook, YouTube order Clearview to stop scraping them for faces to match, Ars Technica, February 7, 2020
- Facebook payout puts spotlight on ‘biometric privacy’, LiveMint, February 2, 2020
- Record Facebook Deal May Boost US Privacy Law Push, Law360, February 1, 2020
- Facebook’s settlement puts spotlight on ‘biometric privacy’, Yahoo, February 1, 2020
- Privacy Groups Hail Facebook Facial Recognition Settlement, Multichannel News, January 31, 2020
- Facebook to Pay Millions for Allegedly Mishandling User Data (Again), Vanity Fair, January 30, 2020
- Facebook agrees to pay $550 million to settle privacy lawsuit, days after Supreme Court declined to hear case, Washington Post Technology 202, January 30, 2020
- Facebook Settles Facial Recognition Lawsuit for $550 Million, Data Breach Today, January 30, 2020
- Facebook to pay $550 million to settle lawsuit over its use of facial recognition technology, Indian Express, January 30, 2020
- Facebook to pay $550 million to settle facial recognition suit, Silicon Valley Business Journal, January 30, 2020
- The Technology 202: Several presidential candidates have yet to promise not to spread disinformation, Washington Post, January 30, 2020
- Facebook reveals ‘Off-Facebook Activity’ tracker to users, Rocket City Now, January 29, 2020
- Facebook to Pay $550 Million to settle Facial Recognition Suit, New York Times, January 29, 2020
- FTC, Facebook Say $5B Privacy Deal Benefits Consumers, Law360, January 28, 2020
- FTC, Facebook Say $5B Privacy Deal Benefits Consumers, Law360, January 27, 2020
- Facebook And FTC Urge Judge To Approve $5 Billion Privacy Settlement, MediaPost, January 26, 2020
- FTC, Facebook play defense on $5B settlement, POLITICO, January 24, 2020
- Facebook, government urge court to approve $5-billion FTC settlement, USAToday, January 24, 2020
- FTC settlement requires ‘sea change’ for Facebook privacy, DOJ says, POLITICO Pro, January 24, 2020
- Facebook still hasn’t paid that $5B FTC fine, but what happens when it does?, Mashable, January 17, 2020
- Landmark Facebook Settlement Still Working Its Way Through Court, Wall Street Journal, January 10, 2020
- Facebook’s FTC Privacy Settlement Challenged in Court, Data Breach Today, January 10, 2020
- Facebook’s FTC Privacy Settlement Challenged in Court, BankInfoSecurity, January 10, 2020
- FTC Nearing Decision On Facebook Antitrust Probe, Law360, January 8, 2020
- Brazil Fines Facebook Over Cambridge Analytica Data Sharing, Law360, January 3, 2020
- Cybersecurity & Privacy Cases To Watch in 2020, Law360, January 1, 2020
- Social media urged to suspend political advertising, BBC, November 8, 2019
- Facebook’s political ads controversy spreads overseas, POLITICO, November 7, 2019
- Facebook not the ‘truth police for the entire world’, official says, Irish Examiner, November 7, 2019
- The Technology 202: Facebook won’t get past the Cambridge Analytica scandal anytime soon, Washington Post, November 7, 2019
- Legislators from ten parliaments put the squeeze on Facebook, Tech Crunch, November 7, 2019
- Legislators from ten parliaments put the squeeze on Facebook, Yahoo Finance, November 7, 2019
- FTC Privacy Settlement Too Favorable To Facebook, Watchdogs Say, MediaPost, October 17, 2019
- $5B Facebook Deal Lets Gov’t Grab User Data, Court Told, Law360, October 16, 2019
- Facebook’s $5 Billion Privacy Settlement Argued Consumers Weren’t Harmed. Experts Think the Damage Was Incalculable, Fortune, October 2, 2019
- ‘Unconstitutional, unlawful and unsupported’: How Facebook initially tried to fight a multibillion-dollar U.S. fine, Washington Post, September 30, 2019
- You Don’t Want Facebook Involved With Your Health Care, Slate, September 19, 2019
- The Facebook Portal Smart Speaker Is Back, Now With More AI, WIRED, September 18, 2019
- EPIC Steps Up Bid To Stop Facebook’s $5B FTC Deal, Law360, August 14, 2019
- Facebook fumbles on privacy, again, POLITICO, August 14, 2019
- Facebook, FTC Fight Privacy Group’s Bid To Block $5B Deal, Law360, August 7, 2019
- Facebook And FTC Oppose EPIC’s Attempt To Intervene In Privacy Settlement, MediaPost, August 6, 2019
- EPIC Privacy Group to Challenge $5 Billion FTC-Facebook Settlement, CPO Magazine, August 6, 2019
- Gmail Keeps a Record of Your Purchase History in Plain Sight, and It’s Not Alone, Fast Company, August 6, 2019
- FTC Praises Weak Slap On The Wrist For Facebook, The Ring of Fire, August 5, 2019
- Facebook’s settlements with the Federal Government—Key takeaways for all companies to consider, Lexology, August 2, 2019
- EPIC challenges FTC-Facebook settlement, IAPP, July 31, 2019
- Facebook cares about its users’ privacy*, Think Progress, July 31, 2019
- Privacy group asks court to reconsider FTC’s $5 billion Facebook deal, Ars Technica, July 30, 2019
- What’s Next After Facebook’s Record $5 Billion Fine and Cambridge Analytica?, National Law Review, July 30, 2019
- Facebook privacy deal with regulator under attack, The Times, July 28, 2019
- EPIC privacy group sues FTC for letting Facebook off easy, The Verge, July 26, 2019
- EPIC asks judge to hear from critics before approving $5B Facebook settlement, The Hill, July 26, 2019
- EPIC Files Legal Challenge to Facebook’s $5 Billion F.T.C. Settlement, New York Times, July 26, 2019
- Facebook Penalty Sends Message to Big Tech, WSJ, July 25, 2019
- 4 Takeaways From Facebook’s Historic $5B Privacy Settlement, Law360, July 25, 2019
- Facebook Board to Tighten Oversight, as Zuckerberg Keeps Control, Wall Street Journal, July 25, 2019
- Critics Pan Facebook’s Privacy Settlement, Forbes, July 25, 2019
- A $5 Billion Fine for Facebook Won’t Fix Privacy, New York Times (Editorial), July 25, 2019
- Facebook hit with $5-billion federal fine for privacy violations, Los Angeles Times, July 24, 2019
- Facebook Fined Record $5 Billion By FTC For Privacy Violations, HuffPost, July 24, 2019
- FTC fines Facebook $5 billion for privacy violations, adds oversight, PBS Newshour, July 24, 2019
- Facebook expected to settle with FTC today, paying $5bn over data handling and agreeing to new controls, Computing (UK), July 24, 2019
- Facebook Fined $5 Billion and Ordered to Add Oversight of Data Practices, New York Times, July 24, 2019
- US slaps $5 bn fine on Facebook, toughens privacy oversight, AFP, July 24, 2019
- FTC Fines Facebook $5 Billion Over Privacy Violations, CBS San Francisco, July 24, 2019
- Facebook to pay $5bn fine, but will privacy prevail?, Al Jazeera, July 24, 2019
- Facebook Settlement Criticized for Weak Privacy Protections, Consumer Reports, July 24, 2019
- There’s Zero Chance Facebook’s ‘Historic’ FTC Fine Prevents Future Abuse, Lawmakers and Privacy Advocates Say, Gizmodo, July 24, 2019
- This is what Facebook’s $5 billion fine means for your privacy, MarketWatch, July 24, 2019
- FTC fines Facebook $5B, adds limited oversight on privacy, Washington Post, July 24, 2019
- Facebook To Pay Record $5B FTC Fine For Privacy Breaches, Law360, July 24, 2019
- For Facebook’s Zuckerberg, FTC settlement could bring a new era of accountability, Washington Post, July 24, 2019
- Facebook FTC Deal Shows Need for Privacy Bill, Lawmakers Say, Bloomberg, July 24, 2019
- Today was Facebook’s worst day ever, and it won’t make a difference, Engadget, July 24, 2019
- Facebook will have to pay a record-breaking fine for violating users’ privacy. But the FTC wanted more., The Washington Post, July 23, 2019
- Facebook Settlement Requires Mark Zuckerberg to Certify Privacy Protections, Wall Street Journal, July 23, 2019
- Facebook Settlement Expected to Mandate Privacy Committee, Wall Street Journal, July 22, 2019
- FTC Set to Unveil Terms of $5 Billion Facebook Settlement, Barron’s, July 22, 2019
- Who should keep an eye on Silicon Valley?, POLITICO, July 21, 2019
- Column: If a $5-billion fine won’t shake Facebook, what can bring it to heel?, Los Angeles Times, July 18, 2019
- Facebook’s $5B Fine Would Set Record But Not Quiet Critics, Law360, July 16, 2019
- Tell me more, tell me more, POLITICO Morning Tech, July 16, 2019
- Facebook to pay FTC $5bn fine over Cambridge Analytica, Computing, July 15, 2019
- Facebook’s $5bn FTC penalty slammed as a ‘tap on the wrist’, The Inquirer, July 15, 2019
- FTC’s $5 Billion Fine Alone Won’t Get Facebook Out of Crosshairs, Wall Street Journal, July 15, 2019
- FTC to fine Facebook about $5 billion for user-privacy violations, reports say, CBS News, July 15, 2019
- FTC to fine Facebook $5 billion over privacy violations: report, Chicago Tribune, July 12, 2019
- I tried and failed to quit Facebook. Here’s what I did instead, Fast Company, July 8, 2019
- House Dems Call For Facebook To Put Libra Plans On Pause, Law360, July 3, 2019
- Consumer groups ask lawmakers to halt Facebook cryptocurrency project, The Hill, July 2, 2019
- Facebook’s new cryptocurrency raises red flags for critics, The Hill, June 20, 2019
- Why ‘we can’t stop’ with just making Facebook split up, Yahoo, June 18, 2019
- Pressure mounts on Facebook over Mark Zuckerberg’s emails on privacy practices, ongoing FTC investigation, Fox News, June 15, 2019
- Facebook Can’t Keep Data Transfer Row Out Of EU High Court, Law360, June 3, 2019
- How Silicon Valley gamed the world’s toughest privacy rules, POLITICO, May 25, 2019
- Structural Remedies In Spotlight In Facebook Privacy Probe, Law360, May 20, 2019
- Democrats Need to Tame the Facebook Monster They Helped Create, POLITICO Magazine, May 19, 2019
- Is Facebook becoming too big to exist? A co-founder thinks so, QRIUS, May 14, 2019
- Can Facebook be broken up? What you need to know, CNET, May 10, 2019
- Facebook’s Privacy Practices May Get More Oversight, Consumer Reports, May 3, 2019
- The splintering internet means trouble for Facebook, Twitter, and Google, Yahoo Finance, May 3, 2019
- Facebook’s FTC Settlement May Include Privacy Oversight, PC Magazine, May 2, 2019
- Facebook could get new privacy oversight and record-breaking fine in FTC deal, Fox News, May 2, 2019
- Facebook could create new privacy positions as part of FTC settlement, The Verge, May 2, 2019
- Mark Zuckerberg could become Facebook’s ‘designated compliance officer’, Mashable, May 2, 2019
- Facebook Settlement With FTC To Include New Privacy Committee, MediaPost, May 2, 2019
- New privacy oversight on the table for Facebook, Zuckerberg, POLITICO Pro, May 1, 2019
- How to Take Back Control From Facebook, New York Times, April 30, 2019
- Facebook Unveils Redesign as It Tries to Move Past Privacy Scandals, New York Times, April 30, 2019
- A Record FTC Fine Won’t Fix Facebook, Privacy Experts Say, Consumer Reports, April 26, 2019
- Why Facebook’s ‘biggest fine ever’ is actually peanuts, The Week, April 26, 2019
- Facebook Takes $3 Billion Hit, Anticipating FTC Fine, BankInfo Security, April 26, 2019
- Regulators Around the World Are Circling Facebook, New York Times, April 26, 2019
- Facebook expects up to $5B FTC fine, POLITICO, April 25, 2019
- Facebook sets aside billions of dollars for a potential FTC fine, Washington Post, April 25, 2019
- She sold the Patriot Act to Congress. Her next job is defending Facebook, Washington Post, April 23, 2019
- FTC could hold Zuckerberg personally accountable for Facebook lapses, report says, Los Angeles Times, April 19, 2019
- Facebook Poised to Fight Disclosure of U.S. Privacy Assessments, Bloomberg, April 18, 2019
- Facebook Slips After Admitting Email Contact Upload in Latest Privacy Glitch, The Street, April 18, 2019
- Congress to Zuckerberg: Facebook doesn’t get to make the rules, Washington Examiner, April 5, 2019
- FTC has received 26,000 complaints about Facebook privacy violations since 2012, The Hill, April 4, 2019
- Facebook founder Mark Zuckerberg to visit Dublin headquarters, Irish Times, April 1, 2019
- Zuckerberg’s Calls for Regulation Are Seen Missing the Mark, Bloomberg, April 1, 2019
- Status update: How Facebook is dealing with a year’s worth of crises, CBS News, March 26, 2019
- FTC under fire, POLITICO Morning Tech, March 25, 2019
- The Case for Investigating Facebook, New York Times (Opinion), March 19, 2019
- GOP Sen. Josh Hawley slams ‘toothless’ federal response to privacy abuses at Facebook and Google, Washington Post, March 11, 2019
- US-Regulator entscheidet über Strafausmaß für Facebook, Radio FM4 (Germany), March 11, 2019
- Senator Hawley Blasts Tech Companies Over Privacy Violations, MediaPost, March 11, 2019
- Elizabeth Warren’s plan to regulate tech giants would force Facebook to break up with WhatsApp and Instagram, Business Insider, March 8, 2019
- In major shift, Facebook puts focus on users’ privacy, Boston Globe, March 7, 2019
- Facebook plans to tie itself together as regulators debate tearing it apart, The Verge, March 7, 2019
- A more private Facebook? Critics slam Mark Zuckerberg’s ‘PR masterpiece’, Mercury News, March 7, 2019
- Facebook’s new vision: Cross-platform messaging between Instagram, WhatsApp and Messenger, USA TODAY, March 6, 2019
- Facebook to link Instagram, Messenger and WhatsApp, CBS News, March 6, 2019
- Facebook, Google in crosshairs of new FTC competition task force, Fox News, February 27, 2019
- Why the U.K. Condemned Facebook for Fuelling Fake News, The New Yorker, February 22, 2019
- Can Washington keep watch over Silicon Valley? The FTC’s Facebook probe is a high-stakes test, Washington Post, February 20, 2019
- Public Pressure to Break Up Facebook Intensifies, But Will It Work?, CPO Magazine, February 11, 2019
- Facebook was misusing Apple platform to get data from kids, says expert, CNBC, January 31, 2019
- Call for Facebook to be broken up and fined billions over privacy, Yahoo News UK, January 29, 2019
- The Technology 202: Facebook’s messaging plans spark privacy, antitrust concerns around the world, Washington Post, January 29, 2019
- Facebook’s Messenger Kids: Child advocates call for shutdown of app, CNET, January 29, 2019
- Facebook to tie together WhatsApp, Instagram and Facebook Messenger, Naked Security, January 29, 2019
- Facebook’s plan to merge its messaging services ignites further antitrust concerns, CNBC, January 27, 2019
- America Needs a Privacy Law, New York Times, December 25, 2018
- Why the F.T.C. Is Taking a New Look at Facebook Privacy, New York Times, December 22, 2018
- Is the FTC to Blame for Facebook Scandals?, Law.com, December 21, 2018
- After Latest Facebook Fiasco, Focus Falls on Federal Commission, Techonomy, December 21, 2018
- Facebook gave tech companies ‘intrusive’ access to users’ private messages and personal data, internal documents reveal, Fox News, December 19, 2018
- Facebook photo API bug exposed users’ unpublished photos, Naked Security, December 18, 2018
- As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants, New York Times, December 18, 2018
- Facebook Row Fair Game For Ill. Privacy Law, 9th Circ. Told, Law360, December 18, 2018
- Facebook Looks to Track Future Movement, SUNNY 99.1, December 14, 2018
- Facebook says a new bug allowed apps to access private photos of up to 6.8 million users, Washington Post, December 14, 2018
- Facebook could face $1.6bn fine after security glitch exposes 7m users’ photos, The Telegraph, December 14, 2018
- Facebook says photo access for up to 6.8 million users unintentionally shared; ‘We’re sorry this happened’, ABC News, December 14, 2018
- Facebook dice que un virus permitió a apps acceder a las fotos de al menos 6.8 millones de usuarios de la red social, Univision, December 14, 2018
- Too ‘Bad To The Bone’ For A Facebook Facelift?, Chief Executive, November 20, 2018
- What the FTC really needs to deal with Facebook, IAPP, November 20, 2018
- Facebook Failed to Police How Its Partners Handled User Data, New York Times, November 12, 2018
- 50 million Facebook accounts were exposed: What we know, what you can do, USA TODAY, September 30, 2018
- FTC Could’ve Prevented Facebook Data Breach, EPIC President Rotenberg Says, Bloomberg, September 28, 2018
- Facebook, Google Could Be Wild Cards In Privacy Law Fight, Law360, August 18, 2018
- EPIC Urges FTC To Fine Facebook Amid EU Data Row, Law360, August 17, 2018
- FTC’s Facebook Finish Line, Politico Morning Tech, August 16, 2018
- Facebook Taps Banks, but for Chatbots not Purchase Data Like Google, TechCrunch, August 6, 2018
- Facebook Fights Users’ Attempt To Revive Suit Over Tracking, MediaPost, August 1, 2018
- FTC Urged To Stop Facebook From Sharing Data With Researchers, MediaPost, July 13, 2018
- Government-data watchdog slaps Facebook on wrist, WND, July 12, 2018
- Facebook Is Still Abusing Your Privacy, New Republic, July 11, 2018
- Facebook, Google privacy settings trick consumers into giving up data, consumer groups allege, MarketWatch, June 29, 2018
- Facebook and Google accused of using ‘dark patterns’ to manipulate users, Mashable, June 29, 2018
- Google And Facebook Push Users To Cede Privacy, Advocates Say, MediaPost, June 28, 2018
- Consumer groups urge FTC to probe Google, Facebook data-consent tactics, The Hill, June 28, 2018
- ‘Deceived by Design:’ Google and Facebook Accused of Manipulating Users Into Giving Up Their Data, Fortune, June 27, 2018
- Apple will let you know when Facebook is snooping on you, USA TODAY, June 5, 2018
- Facebook Privacy (audio), KPFA/The Ralph Nader Radio Hour, June 5, 2018
- Most U.S. Adults in Poll Unwilling to Share Personal Data for Ads to Keep a Service Free, Morning Consult, May 25, 2018
- Facebook’s Zuckerberg due to face new test in front of European lawmakers, Washington Post, May 22, 2018
- Advocates Question Facebook’s Latest Effort To Protect Data, NPR, May 15, 2018
- Facebook Co-Founder: ‘Self-Regulation Alone is Concerning’, Techonomy, May 11, 2018
- Regulating Privacy, New York Times, May 7, 2018
- Ireland sending Facebook privacy fight to European Union court, WND, May 6, 2018
- The agency in charge of policing Facebook and Google is 103 years old. Can it modernize?, Washington Post, May 4, 2018
- The Facebook-WhatsApp Lesson: Privacy Protection Necessary for Innovation, Techonomy, May 4, 2018
- EPIC wants unredacted privacy assessments from Facebook, Compliance Week, April 26, 2018
- Amid Privacy Changes, Facebook Will Still Treat U.S. Teens as Adults, Education Week, April 26, 2018
- An EPIC Lawsuit, The Hill, April 24, 2018
- Digital counter surveillance for all audiences, La Vanguardia (Spain), April 24, 2018
- ‘Facebook’s privacy controls are sufficient,’ said audit in 2017, Estadao Link, April 24, 2018
- Facebook’s hand-picked watchdogs gave it high marks for privacy even as the tech giant lost control of users’ data, Washington Post, April 24, 2018
- Senator Wants Fines, Tighter Leash On Facebook By FTC, Law360, April 23, 2018
- EPIC Sues FTC Over Facebook’s Privacy Audits, POLITICO Morning Tech, April 23, 2018
- Facebook privacy audit by auditors finds everything is awesome!, The Register, April 21, 2018
- FTC-mandated audit cleared Facebook’s privacy policies in 2017, Engadget, April 20, 2018
- Audit Cleared Facebook’s Privacy Practices Despite Cambridge Analytica Leak, Wall Street Journal, April 20, 2018
- https://www.wired.com/story/facebooks-2017-privacy-audit-didnt-catch-cambridge-analytica/, WIRED, April 19, 2018
- Audit Approved of Facebook Policies, Even After Cambridge Analytica Leak, New York Times, April 19, 2018
- Will the FTC come down hard on Facebook? It’s only happened twice in 20 years, USA TODAY, April 18, 2018
- Cambridge Analytica Whistleblower Empowers Citizen Action, Government Accountability Project, April 18, 2018
- Facebook to face class action suit on facial recognition, NY Daily News, April 17, 2018
- Facebook gives more details on how it tracks non-users, USA TODAY, April 17, 2018
- Now Facebook confronted by overseas data-privacy fight, WND, April 14, 2018
- Here’s what the Facebook crisis means for AT&T and Time Warner, Dallas News, April 13, 2018
- Facebook Isn’t Out of the Woods Yet, The Street, April 13, 2018
- How Facebook can have your data even if you’re not on Facebook, USA TODAY, April 13, 2018
- Why Facebook’s 2011 Promises Haven’t Protected Users, WIRED, April 12, 2018
- After Facebook hearings, users want to know: who’s protecting my data?, USA TODAY, April 12, 2018
- Facebook in crisis: Mark Zuckerberg’s testimony reveals massive problems remain, Fox News, April 12, 2018
- Transcript of Zuckerberg’s appearance before House committee, Washington Post, April 12, 2018
- Fact-checking Facebook CEO Mark Zuckerberg’s congressional testimony, PolitiFact, April 12, 2018
- Mark Zuckerberg’s Privacy Shell Game, WIRED, April 11, 2018
- Facebook stock jumps higher as Mark Zuckerberg testifies, CBS, April 11, 2018
- It would have taken more than privacy laws to prevent the Cambridge Analytica scandal, The Hill, April 11, 2018
- Facebook, Cambridge Analytica, and Grindr: Frank Pasquale Talks About Big Data and HIV Disclosure, TheBody.com, April 11, 2018
- What You Don’t Know About How Facebook Uses Your Data, New York Times, April 11, 2018
- Facebook’s Days as an Unregulated Monopoly May Be Numbered, Wall Street Journal, April 11, 2018
- What we learned from Zuckerberg’s testimony, and what we still don’t know, PBS Newshour, April 11, 2018
- Facebook and Cambridge Analytica: Is the genie out of the bottle?, ZDNet, April 11, 2018
- 4 Things To Watch As Facebook CEO Heads To Congress, Law360, April 10, 2018
- What to do if Facebook says your info was used by Cambridge Analytica, USA TODAY, April 10, 2018
- 9 questions Congress should ask Mark Zuckerberg, Vox, April 10, 2018
- Facebook’s Zuckerberg to testify over data breach, Al Jazeera, April 10, 2018
- Brenda Lee Zuckerberg Is Sorry, Chief Executive, April 10, 2018
- Today’s question for Facebook will be ‘what happens next?’: EPIC President, CNBC, April 10, 2018
- As Zuckerberg Prepares to Testify, Questions Grow Over How to Protect Data, Wall Street Journal, April 9, 2018
- 5 Facebook facepalms (just last week), Naked Security, April 9, 2018
- Facebook’s facial recognition violates user privacy, watchdog groups plan to tell FTC, USA TODAY, April 6, 2018
- If Facebook gets regulated, thank vegans, Quartz, April 6, 2018
- And the Hits Keep Coming, POLITICO Pro, April 6, 2018
- Facebook’s Facial Recognition Feature Violates Users’ Privacy Rights, Groups Allege, Wall Street Journal, April 6, 2018
- Facebook faces fresh facial recognition complaint, Financial Times, April 6, 2018
- EPIC files complaint against Facebook’s ‘Tag Suggestion’ feature, Hotpress, April 6, 2018
- Facebook And Online Privacy, Diane Rehm Show, April 6, 2018
- Facebook broadens estimate of data misuse to 87 million people, including more than 600,000 Canadians, The Globe and Mail, April 5, 2018
- Is This European Law Behind Facebook’s Privacy Shift, Newsweek, April 2, 2018
- Hey Alexa, can you keep a secret from snooping big tech?, Economic Times, April 2, 2018
- Facebook Faces Calls to Further Protect User Privacy, Voice of America, April 2, 2018
- Facing outcry over data breach, Facebook again overhauls privacy settings, Yahoo News, March 30, 2018
- Facebook limits ad targeting after Cambridge Analytica data leak, USA TODAY, March 30, 2018
- Facebook again overhauls privacy settings after outcry over data breach, RawStory, March 30, 2018
- Tim Cook Blasts Facebook & Google, Calls For Government Regulation, CleanTechnica, March 30, 2018
- Facebook Changing Privacy Controls As Criticism Escalates, Daily Democrat Press, March 30, 2018
- Facebook under fire, but it’s just part of ‘surveillance economy’, Christian Science Monitor, March 29, 2018
- Consumer, privacy groups urge Zuckerberg to hire Jimmy Carter as election monitor, The Hill, March 29, 2018
- Amidst data breach scandal, Facebook revamps privacy tools and settings to give users greater control, The Economic Times, March 29, 2018
- Privacy groups hit at Facebook, POLITICO, March 28, 2018
- Facebook Phone-Scraping Takes Users by Surprise, ECT News Network, March 27, 2018
- Facebook’s current woes exacerbated by six-year-old FTC settlement, MarketWatch, March 27, 2018
- Cambridge Analytica whistleblower testifies, CBS This Morning, March 27, 2018
- Special Report With Bret Baier, Fox News, March 27, 2018
- Behind Facebook’s baby step fixes: Defending its ad business, Associated Press, March 26, 2018
- FTC opens probe into Facebook privacy practices, Financial Times, March 26, 2018
- Facebook Data Scandal Opens New Era in Global Privacy Enforcement, Politico, March 26, 2018
- The FTC Is Officially Investigating Facebook’s Data Practices, Wired, March 26, 2018
- Attorneys General Demand Answers From Facebook, KPBS, March 26, 2018
- Federal Trade Commission Confirms Facebook Probe As Its Shares Plunge, Talking Points Memo, March 26, 2018
- FTC, States Increase Pressure on Facebook on Privacy, Phys.org, March 26, 2018
- Facebook Faces Growing Government Scrutiny in Privacy Scandal, San Francisco Chronicle, March 26, 2018
- Facebook had a closer relationship than it disclosed with the academic it called a liar, The Washington Post, March 23, 2018
- Behind Facebook’s Baby Step Fixes: Defending Its Ad Business, US News & World Report, March 23, 2018
- Lawmakers Ask Zuckerberg To Testify About Data Misuse, Law360, March 23, 2018
- Facebook-Cambridge Analytica shows the need for a new privacy law, Business Insider, March 22, 2018
- Facebook feels the pressure over data leak, Irish Examiner, March 22, 2018
- Facebook’s latest data breach reveals Silicon Valley’s fortunes are built on pilfering privacy, Salon, March 22, 2018
- What you can do to protect your personal data on Facebook, PBS Newshour, March 22, 2018
- Facebook Swelters in Cambridge Analytica Heat, E-Commerce Times, March 22, 2018
- How the FTC Could Have Avoided the Facebook Mess, Techonomy, March 22, 2018
- Facebook Crisis Reignites Washington’s Scrutiny of Social Networks, Bloomberg BNA, March 21, 2018
- Facebook data scandal: the legal questions, Financial Times, March 21, 2018
- Privacy groups put pressure on FTC’s Facebook probe, POLITICO Pro, March 21, 2018
- Three Questions: Prof. Jeffrey Sonnenfeld on the Crisis at Facebook, Yale Insights, March 21, 2018
- Facebook Owes You More Than This, WIRED, March 20, 2018
- Can Facebook be trusted with your personal info? Voter harvesting scheme shows perils for users, USA TODAY, March 20, 2018
- Facebook’s rules for accessing user data lured more than just Cambridge Analytica, Washington Post, March 20, 2018
- Facebook Leaves Its Users’ Privacy Vulnerable, New York Times (Editorial), March 20, 2018
- Facebook facing federal investigation over Cambridge Analytica data scandal, CBS News, March 20, 2018
- As data misuse scandal grows, Facebook investigated by FTC, meets with lawmakers, USA TODAY, March 20, 2018
- The Latest: Cambridge Analytica whistleblower regrets work, San Francisco Chronicle, March 20, 2018
- US, European officials question Facebook’s protection of personal data, Washington Post, March 19, 2018
- Data leak puts Facebook under intensifying scrutiny on two continents, Seattle Times, March 19, 2018
- Cambridge Analytica Breach Reveals Facebook’s Weak User Data Defenses, eWeek, March 19, 2018
- Facebook says you ‘own’ all the data you post. Not even close, say privacy experts, Los Angeles Times, March 19, 2018
- Officials: Facebook may have violated FTC privacy deal, Fort Wayne Journal Gazette, March 18, 2018
- Watchdog Asks Court To Vacate Facebook Settlement Over Message Scans, MediaPost, February 2, 2018
- Facebook’s ‘Fixes’ Meaningful or Just Skin Deep?, US News and World Report, January 31, 2018
- Advocates Push Facebook To Nix Messenger Kids App, Law360, January 30, 2018
- Facebook to Launch Privacy Center Ahead of EU Regulations, USA Today, January 29, 2018
- Facebook’s Privacy Hokey-Pokey, Fortune, September 22, 2017
- Facebook case told of US obstacles to privacy redress for EU citizens, Irish Times, February 22, 2017
- Facebook Now Shares Exactly Which Brands Know Your Intimate Details, Vocativ, February 17, 2017
- Outside experts file briefs in EU Facebook privacy case, The Hill, December 24, 2016
- Germany orders Facebook to stop sharing and delete WhatsApp user data, Ars Technica, September 27, 2016
- Germany orders Facebook to stop collecting WhatsApp data, Engadget, September 27, 2016
- Nielsen will monitor Facebook to measure buzz about TV programs, LA Times, January 20, 2016
- Zuckerberg’s Facebook page hacked, The Los Angeles Times, Jan. 30, 2011.
- Facebook Erodes Privacy and Tightens Security, PCWorld, Jan. 27, 2011.
- Facebook Puts HTTPS Security Guard on Full-Time Duty, TechNewsWorld, Jan. 27, 2011.
- Facebook reaches deal with Germany over ‘Friend Finder’ privacy concerns, The Los Angeles Times, Jan. 24, 2011.
- Facebook Does About-Face Following Privacy Backlash, TechNewsWorld, Jan. 18, 2011.
- Facebook halts phone number sharing feature, CNNMoney.com, Jan. 18, 2011.
- Goldman Sachs Deal Lets Facebook Indulge Its Privacy Fetish, Forbes Blog, Jan. 3, 2011.
- Facebook in Privacy Breach, The Wall Street Journal, Oct. 18, 2010.
- A Guide to Facebook’s New Privacy Settings, The New York Times, May 27, 2010.
- New Facebook privacy settings are ‘a red herring’, say activists, The Guardian, May 27, 2010.
- How Facebook Is Redefining Privacy, Time, May 20, 2010.
- Worried about your Facebook privacy? Six things you should know, NY Daily News, May 17, 2010.
- Facebook Privacy: Secrets Unveiled, PCWorld, May 16, 2010.
- Zuckerberg’s Privacy Stance: Facebook CEO ‘Doesn’t Believe In Privacy’, The Huffington Post, April 29, 2010.
- When Everyone’s a Friend, Is Anything Private?, The New York Times, Mar. 7, 2009.
- Project ‘Gaydar’, Boston Globe, Sept. 20, 2009
- Online Friends at What Price?, Marc Rotenberg, Sacramento Bee, July 20, 2008.
- Online Games Can Lead to Identity Theft, ABC News, July 16, 2008.
- A Flashy Facebook Page, at a Cost to Privacy, Washington Post, June 12, 2008
- Blockbuster Sued For Participating In Facebook’s Beacon Program, Online Media Daily, April 17, 2008.
- Report: Facebook Security Lapse Exposes Photos, ComputerWorld, March 25, 2008.
- Plea to Ban Employers Trawling Facebook, TimesOnline, March 25, 2008.
- More Privacy Options, The Facebook Blog, March 19, 2008.
- Facebook Denies Role in Morocco Arrest, Wall Street Journal, February 29, 2008.
- Taxman Admits to Facebook ‘Trawl’, Independent.ie, February 25, 2008.
- What Facebook Knows That You Don’t, Washington Post, February 23, 2008.
- Hackers Exploiting Facebook, MySpace Plug-ins, Washington Post, February 23, 2008.
- Quitting Facebook Gets Easier, New York Times, February 13, 2008.
- How Sticky Is Membership on Facebook? Just Try Breaking Free, New York Times, February 11, 2008. Discusses difficulties with account deletion on Facebook.
- Exclusive: The Next Facebook Privacy Scandal, C|Net, January 23, 2008. Discusses privacy issues with Facebook’s third party application providers.
- Facebook Questioned Over Data Protection, Telegraph, January 21, 2008. The UK information commissioner’s office is questioning Facebook’s practice of retaining data instead of deleting it.
- Facebook, Google And Plaxo Join The DataPortability Workgroup, TechCrunch, January 8, 2008. The DataPortability working group is at www.dataportability.org.
- Facebook Blocks Secret Crush Over Adware Row, The Register, January 8, 2008. “Facebook has blocked the “Secret Crush” widget for violation of its terms of service, following a row about the use of the application to dupe users into downloading adware onto their PCs.”
- Facebook Locks Out Plaxo, ZDNet, January 4, 2008. “Social-networking site Facebook has fought off a major-league blogger’s bid to extract his own contact list from the service, using a utility from rival site Plaxo, highlighting the unanswered question of who owns data associated with people’s identities on social-networking sites.”
- Delete My Bleeping Account, Facebook!, Daily Kos, December 25, 2007.
- Facebook ban for British MP: Liberal Democrat told he isn’t ‘real.’ Tech.co.uk, December 21, 2007.
- Facebook Sues Porn Company Over Hacking. PCWorld, December 17, 2007. “The social network claims a bot from the Canadian porn site tried to gather its members’ data.”
- Can Blockbuster Be Sued Over Facebook Beacon? Slashdot, December 14, 2007.
- Facebook to Let Other Sites Access Platform Code. C|Net, December 12, 2007.
- Facebook, ID fraud, and the dark side of the Web. InfoWorld, December 11, 2007. “At the Le Web 3 conference, panelists discussed the security implications of Web 2.0, including identity management and privacy concerns.”
- Facebook and the VPPA. The Laboratorium, December 10, 2007. A law professor discusses how Facebook Beacon may violate the Video Privacy Protection Act when it broadcasts a user’s movie selections on the Blockbuster website.
- Thoughts on Beacon. The Facebook Blog, December 5, 2007.
- Safety on Facebook. The Facebook Blog, October 19, 2007.
- Attorney General Cuomo and Facebook Announce New Model to Protect Children Online. Office of the New York State Attorney General Andrew M. Cuomo, October 16, 2007
- Cuomo Subpoenas Facebook Over User Safety: Facebook Ignores Complaints About Sexual Predators. Office of the New York State Attorney General Andrew M. Cuomo, September 24, 2007.
- Facebook to Make Listings Public via Search Engines. PCWorld, September 5, 2007.
- Facebook Expands Into MySpace’s Territory. The New York Times, May 25, 2007. Discusses the launch of the Facebook Platform.
- Facebook’s feeds cause privacy concerns. The Amherst Student, October 3, 2006.
- MySpace and Facebook rivals are growing. The Wall Street Journal, October 2, 2006.
- $1 Billion for Facebook? LOL!. Slate, September 28, 2006.
- Open Facebook. Forbes. September 11, 2006.
- Facebook to Allow Open Registrations. TechCrunch, September 11, 2006.
- An Open Letter From Mark Zuckerberg. The Facebook Blog, September 8, 2006.
- Saying It ‘Messed Up,’ Facebook Modifies Controversial Feature. The Washington Post, September 7, 2006.
- Calm Down. Breathe. We Hear You. The Facebook Blog, September 6, 2006.
- Facebook Gets a Facelift. The Facebook Blog, September 5, 2006. Announces the News Feed and Mini-Feed features.
Past Facebook Features
Facebook has several features with a significant impact on privacy and security of personal information. These features raise issues of data collection, retention, distribution and control. The various privacy issues raised may in some cases have legal consequences.
Facebook does not permit the privacy-enhancing techniques of pseudonymous logins or the creation of multiple profiles. Facebook’s terms require users to provide “accurate, current and complete” information when registering for the site. This means that a user must provide accurate information for their name, date of birth, and school and work affiliation. Facebook’s terms require users to agree not to “register for more than one User account, register for a User account on behalf of an individual other than yourself,” or “falsely state or otherwise misrepresent yourself, your age or your affiliation with any person or entity.” Users are thus forbidden from having several profiles for different social circles, such as for friends, professional colleagues, teachers and family. Users must have a single identity across all those social interactions. Since they must accurately give Facebook their name and date of birth, this single identity is required to be tied to their real-life identity.
Facebook offers no convenient way to delete one’s account once one has created a profile. Facebook does allow an account to be “deactivated.” Facebook says that a deactivated account cannot be seen or found by others:
Deactivation will completely remove your profile and all associated content on your account from Facebook. In addition, users will not be able to search for you or view any of your information. If you reactivate your account, your profile will be restored in its entirety (friends, photos, interests, etc.).
Reactivating an account is done by logging in again with the same username and password. This means that all of the information that the user has uploaded is retained by Facebook. Facebook does permit users to delete items such as wall posts, photos, friends and profile information. This has to be done via Facebook’s interface, and must be done one item at a time.
Facebook reserves the right to delete your account. According to its terms, Facebook “may terminate your membership, delete your profile and any content or information that you have posted on the Site or through any Platform Application . . . for any reason, or no reason, at any time in its sole discretion, with or without notice . . . .”
Facebook users can add metadata tags to photographs. These tags can be tied to particular areas of the photograph. So a picture of a family in front of a landmark can have the individual faces of family members tagged with their names, and the landmark tagged with its name. When the image is displayed, the tags become hyperlinks to the profile of the subject of the tag. If the subject of the tag is not a Facebook member, then the tag remains in plain text, not linking to anything. When photos of a person are displayed, this display includes their own photographs and those published by others and tagged with that person’s name. When a user views an image that has been tagged with that user’s name by another, the user has the option of removing the tag. A user is given a brief notice when others tag images with that user’s name.
Facebook users are invited by Facebook to “[f]ind out which of your email contacts are on Facebook.” Facebook asks users for their email address and password for many of the major providers of webmail services (Yahoo, Hotmail, Gmail, etc.). Facebook then logs on to the account, and downloads all the contacts there. Facebook can also import email contacts from applications such as Outlook and Thunderbird. Users are then shown a list of which individuals are current Facebook members, and have the choice of sending friend requests to each of them. The screen comes with all the contacts pre-selected. The user is then given the option of inviting all of their other contacts to join Facebook. Again, all of the contacts are pre-selected. The default behavior is to send messages to all of one’s contacts inviting them to become friends on Facebook.
Example of the contact importer.
Facebook promises not to retain the user’s password and login. Facebook does not explain what happens to the email addresses collected, or to the association of those addresses as “contacts” of a given user. The email addresses can be of significant value. Because each address is a known contact of a real person, it is known to be “live” and is thus valuable to email harvesters.
Facebook users see a news feed when they log into their accounts. The news feed contains items about a Facebook user’s friends as well as some advertisements. Some of a user’s personal information is published to their friends’ news feeds.
A newsfeed example, provided by Facebook.
The feed was introduced in September 2006. When it was first introduced, users had no control over what information was published to the Feed. Facebook users protested the privacy invasion, demanding control over their data. Facebook users were responding to the broadcast of their data, to Facebook making it more easily available. Seven hundred thousand users joined a group protesting the feed. Facebook users also created a petition to Facebook Administrators:
Whereas Facebook.com is a social networking Web site and utility owned as a private company started in February 2004 by Mark Zuckerberg;
Whereas Facebook.com is a useful and entertaining tool for those on its networks;
Whereas the users on Facebook.com support the site’s stated philosophy of helping people spread information through social networks;
Whereas the users on Facebook.com understand the privacy settings and their role in protecting personal, private information;
Whereas drastic changes were made to Facebook.com on September 5, 2006, including the introduction of the “News Feed” and “Mini Feed” that call into question the safety and privacy of its more than 9 million users;
Whereas there has been an unprecedented outpouring of opposition to the changes within the community;
Whereas many users feel uncomfortable participating on Facebook.com because of the changes to the point that some have deactivated their accounts;
We, the Facebook.com user community:
–Encourage Facebook.com administrators to actively communicate and consult with users in a democratic dialogue concerning any current and future changes.
–Demand the immediate removal of the “news feed” and “mini feed” feature from Facebook.com.
–Allow an individual to remove himself or herself from the “news feed” and “mini feed” feature on other users’ page.
–Allow an individual to remove his or her own personal “news feed” and “mini feed” feature from his or her personal profile.
Facebook responded by creating some opt-outs for the feed, and its CEO Mark Zuckerberg apologized on the Facebook blog. As Facebook’s Feed privacy page explains: “Stories are published when you edit your profile information, join a new network, or update your Status.” A user can opt out of other information being published to their feed, such as changes in relationship status or the addition of a friend.
Other Facebook features also publish information via the news feed. Consequently, not all privacy controls related to feeds are found in the Feed section of the privacy page. Applications, Social Ads, and Facebook Beacon all communicate via the News Feed. User control, if any, of those information flows is located in pages devoted to those features, not the feed.
Users can also influence which items of their friends’ personal information are presented to them. They can choose to have stories about some friends published more or less frequently. They can also select what types of stories they are interested in, such as relationship news, changes in profile data, or the addition of new friends. This will cause these events to show up on their feed more or less often.
Platform Application Programming Interface (API)
In May 2007, Facebook launched the Facebook Platform. The platform allows third parties to create applications which access Facebook’s database. The applications are meant to function in much the same way as the applications created by Facebook. Applications can publish to a user’s feed and can access that user’s information. When a user adds an application, the information about other users that the given user can see is made available to these third party application providers. The third party application provider may retain some of this information forever, and some information may be retained for a limited time.
Since the applications are developed and hosted by third parties, their algorithms necessarily involve the flow of personal information from Facebook to the application host and developer. When installing an application, users are briefly presented with a few choices about it, such as whether they want it to know who they are, take up space on their profile, or publish information to the user’s feed. The choices are all pre-selected.
Example of the addition of the Blackjack application.
The information that the application accesses includes everything about a user and what they can see, except for their contact information such as email address, phone number and postal address. The terms the user agrees to by clicking “add” include examples of this information:
Examples of Facebook Site Information. The Facebook Site Information may include, without limitation, the following information, to the extent visible on the Facebook Site: your name, your profile picture, your gender, your birthday, your hometown location (city/state/country), your current location (city/state/country), your political view, your activities, your interests, your musical preferences, television shows in which you are interested, movies in which you are interested, books in which you are interested, your favorite quotes, the text of your “About Me” section, your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history, your course information, copies of photos in your Facebook Site photo albums, metadata associated with your Facebook Site photo albums (e.g., time of upload, album name, comments on your photos, etc.), the total number of messages sent and/or received by you, the total number of unread messages in your Facebook in-box, the total number of “pokes” you have sent and/or received, the total number of wall posts on your Wall(TM), a list of user IDs mapped to your Facebook friends, your social timeline, and events associated with your Facebook profile.
Significantly, applications do not only access the information about a given user that has added the application. Applications by default get much of the information about that user’s friends and network members that the user can see. So without any action from a user, an individual that has never joined any applications will have their information sent to the third party application when their friends or associates in their networks join.
Default settings for what is shared to applications one has never added, including photos, relationships and other history.
Facebook disclaims all risk from how the application uses the data, and in its terms states that users release and hold harmless Facebook for any damages from installing or using applications. Facebook also says that it may change its policy at any time by changing the terms on its website. Users have no means of enforcement other than to remove the application.
Though Facebook disclaims its own risks, and states that users have no recourse, Facebook imposes some terms on how developers may use users’ information:
- You must be honest and accurate about what your application does and how it uses information from Facebook users. Your application cannot falsely represent itself.
- You can only show information from Facebook Platform to a user if you retrieved it on behalf of that particular user.
- You can only cache user information for up to 24 hours to assist with performance. The only exceptions are those listed in the Facebook Platform Documentation.
Values that can be stored indefinitely include User ID; Primary network ID; Event ID; Group ID; Photo ID; Photo album ID; Total number of notes written by the user; and Time that the user’s profile was last updated. Any information that the application develops or collects on its own can be kept forever and associated with the above information. For example, the blackjack application above may generate a win/loss record for a user. The application is permitted to indefinitely store the User ID and associate that with that user’s performance in blackjack.
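One way an application could enforce the 24-hour caching term and the indefinite-storage list described above, as an added example (not Facebook's or any application's own code). The key names, record layout and sample cache are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical key names for the values the page lists as storable indefinitely.
INDEFINITE_FIELDS = frozenset({
    "user_id", "primary_network_id", "event_id", "group_id",
    "photo_id", "photo_album_id", "notes_count", "profile_update_time",
})
CACHE_TTL = timedelta(hours=24)


def enforce_retention(record, now):
    """Return (cleaned_record, dropped_keys) without mutating `record`.

    Assumed layout: {"fetched_at": datetime or None,
                     "platform": values retrieved from the Platform,
                     "app_data": values the application generated itself}
    """
    fetched_at = record.get("fetched_at")
    # A record with no usable timestamp cannot be shown to be fresh,
    # so it is treated as expired rather than kept by default.
    expired = not isinstance(fetched_at, datetime) or now - fetched_at > CACHE_TTL
    platform = dict(record.get("platform", {}))
    dropped = []
    if expired:
        dropped = sorted(k for k in platform if k not in INDEFINITE_FIELDS)
        for key in dropped:
            del platform[key]
    cleaned = {
        "fetched_at": fetched_at,
        "platform": platform,
        # Application-generated data (e.g. a win/loss record) is not Platform data.
        "app_data": dict(record.get("app_data", {})),
    }
    return cleaned, dropped


def sweep(cache, now):
    """Apply the retention rule to every cached user; return (cache, audit log)."""
    cleaned, audit = {}, {}
    for uid, record in cache.items():
        cleaned[uid], audit[uid] = enforce_retention(record, now)
    return cleaned, audit


# Constructed sample data, not real user records.
NOW = datetime(2008, 2, 19, 12, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = {
    1001: {"fetched_at": NOW - timedelta(hours=30),
           "platform": {"user_id": 1001, "name": "Constructed User",
                        "birthday": "01/01", "friend_ids": [1002, 1003],
                        "profile_update_time": 1203400000},
           "app_data": {"blackjack_wins": 12, "blackjack_losses": 30}},
    1002: {"fetched_at": NOW - timedelta(hours=2),
           "platform": {"user_id": 1002, "name": "Fresh User"}, "app_data": {}},
    1003: {"fetched_at": None,
           "platform": {"user_id": 1003, "hometown": "Nowhere"}, "app_data": {}},
}

if __name__ == "__main__":
    for uid, dropped in sweep(SAMPLE_CACHE, NOW)[1].items():
        print(uid, "dropped:", dropped)
```

The audit log returned by `sweep` records which keys were removed per user, which gives a reviewer something concrete to check against the developer terms.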
Public Search Listing
In September of 2007, Facebook introduced public search listings. Previously, only Facebook members could search Facebook for other users. Now, non-members will be able to search. Further, major search engines such as Yahoo and Google will index the public search listings. The listing shows a limited amount of information such as name, profile picture, and Friends.
Example of a public search listing, provided by Facebook.
This change exposes Facebook members to the general Internet. The information was exposed without the explicit permission of Facebook users. The change was announced via the Facebook blog, and users were given about 30 days to opt out before the information reached major search engines.
Social Ads and Pages
Facebook’s Social Ads and pages launched in November of 2007. Pages permit advertisers and businesses to have a presence on Facebook similar to Facebook users. Advertisers can create fan clubs, videos, and other interactions with users. When users interact with an advertiser page, this generates a message to that user’s feed, alerting that user’s friends to this interaction. Facebook describes this as similar to “word of mouth” advertising, except that Facebook is creating the words and publishing the information based on a user’s lone interaction with the page.
Facebook’s social ads launch when users interact with a page. The social ad includes the interaction with the page, plus text provided by the advertiser, and the user’s name and profile picture. This entire message is displayed in the feed of the user’s friends. The ads can also be demographically targeted, aiming at users of a certain location, age or sex, or many of the other demographic criteria that users have submitted in their profile.
Example of a Social ad. After the user rates a movie, that user’s friends are shown the rating, the movie, the user’s name and picture, and are invited to join the advertiser’s service. Image from Facebook.
Social ads potentially violate the privacy tort of appropriation of name and likeness. Generally, the tort is described in the Restatement of Torts § 652C Appropriation of Name or Likeness:
One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.
a. The interest protected by the rule stated in this Section is the interest of the individual in the exclusive use of his own identity, in so far as it is represented by his name or likeness, and in so far as the use may be of benefit to him or to others. Although the protection of his personal feelings against mental distress is an important factor leading to a recognition of the rule, the right created by it is in the nature of a property right, for the exercise of which an exclusive license may be given to a third person, which will entitle the licensee to maintain an action to protect it.
b. How invaded. The common form of invasion of privacy under the rule here stated is the appropriation and use of the plaintiff’s name or likeness to advertise the defendant’s business or product, or for some similar commercial purpose. Apart from statute, however, the rule stated is not limited to commercial appropriation. It applies also when the defendant makes use of the plaintiff’s name or likeness for his own purposes and benefit, even though the use is not a commercial one, and even though the benefit sought to be obtained is not a pecuniary one. Statutes in some states have, however, limited the liability to commercial uses of the name or likeness.
Another applicable legal principle is the Right of Publicity, from the Third Restatement on Unfair Competition § 46:
One who appropriates the commercial value of a person’s identity by using without consent the person’s name, likeness, or other indicia of identity for purposes of trade is subject to liability. . . .
The actual application of the tort will vary from state to state, in some cases being a part of the common law, and in some cases part of statute. For example, California Civil Code § 3344(a) states:
Any person who knowingly uses another’s name, voice, signature, photograph, or likeness, in any manner, on or in products, merchandise, or goods, or for purposes of advertising or selling, or soliciting purchases of, products, merchandise, goods or services, without such person’s prior consent, or, in the case of a minor, the prior consent of his parent or legal guardian, shall be liable for any damages sustained by the person or persons injured as a result thereof. In addition, in any action brought under this section, the person who violated the section shall be liable to the injured party or parties in an amount equal to the greater of seven hundred fifty dollars ($750) or the actual damages suffered by him or her as a result of the unauthorized use, and any profits from the unauthorized use that are attributable to the use and are not taken into account in computing the actual damages. In establishing such profits, the injured party or parties are required to present proof only of the gross revenue attributable to such use, and the person who violated this section is required to prove his or her deductible expenses. Punitive damages may also be awarded to the injured party or parties. The prevailing party in any action under this section shall also be entitled to attorney’s fees and costs
The law requires prior consent, has a minimum damage of $750, allows the injured person to capture the profits of the violation, and provides for attorney’s fees to the winner.
Pre-2008 Top News
- Canadian Law Students File Privacy Complaint Against Facebook. The Canadian Internet Policy and Public Interest Clinic today filed a 35-page complaint (pdf) under the Personal Information Protection and Electronic Documents Act against Facebook, alleging 22 separate violations of Canadian privacy law. CIPPIC Press Release. (May 30, 2008)
- International Privacy Officials Recommend Social Networking Privacy Safeguards. The International Working Group On Data Protection in Telecommunications has released a report and guidance (pdf) on privacy in social networking services. The report identifies risks to privacy and security, and provides guidance to regulators, service operators and users to counter these risks. Risks include the large amount of data collection; the misuse of profile data by third parties; insecure infrastructure and application programming interfaces. Regulators should ensure openness, and oblige data breach notification. Providers must be transparent; live up to promises made to users; and use privacy friendly defaults. Privacy and consumer groups are also recommended to raise the awareness of regulators, providers and the general public. (Apr. 17, 2008)
- Facebook Eases Account Deletion, Default Third Party Information Sharing Remains. After recent criticisms concerning the practical impossibility of deleting account information, Facebook has changed its help page on deletion. Users may now contact Facebook to request permanent deletion of their information. However, Facebook’s default sharing of excess personal information with thousands of third party application developers remains. User information travels to these third parties when they or their friends add an application to their profiles. Facebook disclaims all liability from what happens to that information. For more, see EPIC’s page on Facebook. (Feb. 19, 2008)
- UK Commissioner to Investigate Facebook Data Retention. Social networking site Facebook is under investigation by the UK Information Commissioner for its data retention practices. Facebook users may “deactivate” their accounts, leaving their personal information on Facebook servers but inaccessible to the public. Users have to individually delete each profile element. The investigation follows a complaint from a user unable to fully delete his profile. The Information Commissioner is an independent authority that enforces and oversees the Data Protection Act. (Jan 22, 2008)
- Facebook Announces Beacon Opt-out, Promises Not to Retain Data. Social networking site Facebook announced that users would be able to globally opt out of the “Beacon” advertising system. Beacon collects information on interactions with third party sites such as Fandango and eBay. Beacon then broadcasts this information to a user’s Facebook friends. Security researchers recently revealed that Beacon collects information on all users of those third party sites, not just Facebook members. Facebook’s announcement promises that they will not keep or use this information on non-members and those who have opted out. (Dec 4, 2007)
- Facebook Caves to Privacy Demands, Adopts Limited Opt-In. Social networking site Facebook.com significantly modified the privacy features of its new “Beacon” advertising system. Facebook users found their purchases on third party sites were being broadcast to their Facebook friends. Users had only limited options for opting out of the broadcast. In response to complaints from EPIC, the Center for Digital Democracy, Moveon.org, and thousands of users, Facebook will now ask that users opt-in before broadcasting their details. Facebook will continue to collect information from third party sites and will continue to ask for opt-ins until the user consents. (Nov 30, 2007)
- Facebook to Collect, Distribute User Interactions With Third Party Sites. Social networking website Facebook.com introduced its “Beacon” feature to much controversy. Facebook users who shop at third party websites will have their purchases broadcast to their friends via Facebook. Facebook receives this third party information and shares it unless users opt out during a brief pop-up window at the third party site. Interest group MoveOn.org has started a petition campaign and Facebook group against this feature. The MoveOn petition and Facebook group demand that Facebook share user information only with explicit opt-in permission. Facebook considered, but did not adopt, a blanket opt-out for the Beacon feature. (Nov 28, 2007)
- Facebook Unveils New “Social Ads.” Social networking site Facebook.com unveiled “social ads,” a new advertising product. Marketers create Facebook profiles and purchase advertising targeting other users’ profile information. Further, a user’s name and picture will be shown to their friends in promotion of a product after that user interacts with the marketer in some way. A law professor has questioned whether this violates the privacy tort prohibiting commercial appropriation of name and likeness. Facebook’s privacy settings do not currently allow one to opt out of receiving marketing or being used in it. (Nov. 14, 2007)
- Facebook Responds to Users’ Demands. In response to the negative reactions of so many of its users, Facebook put new privacy controls on the News Feed feature into operation. Mark Zuckerberg, the CEO of Facebook, published an open letter on the Web site on September 8th apologizing for not having consulted with users prior to introducing the feature, which notified users of all their contacts’ activities, such as profile changes from “in a relationship” to “single.” However, the change is simply an opt-out and puts the burden on Facebook users to protect their privacy. Over 700,000 users signed an online petition demanding the company discontinue the feature, stating that this compromised their privacy. (Sept. 25, 2006).
- Outcry Over New Facebook Feature. When social networking Web site Facebook introduced their new News Feed feature on September 5, the company was accused of invading the privacy of its users and facilitating stalking. The goal of the new feature was to make it easier for users to keep up to date with the latest happenings in the lives of their online friends. However, user upset at its introduction sparked debate over how much control users expect to have over the information they place on these Web sites, and also whether the means of dissemination of this information matters. (Sept. 5, 2006).