You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Challenge to FTC/Facebook 2019 Settlement

FTC/Facebook settlement: Too Little, Too Late

Top News

  • Wiretapping Claims Against Facebook Move Forward as Supreme Court Denies Review: This week, the U.S. Supreme Court denied a petition for review in In re: Facebook, Inc. Internet Tracking Litigation, a case challenging Facebook's use of "cookies" to track internet browsing activity even when users were logged out of their Facebook accounts. The U.S. Court of Appeals for the Ninth Circuit held that Facebook's use of cookies to track Internet users browsing other websites might violate the federal Wiretap Act because Facebook was not an authorized party to those communications. Facebook's efforts to get the Supreme Court to reject this holding of the Ninth Circuit failed, and now the case will move forward. EPIC filed an amicus brief in the Ninth Circuit in this case and has filed briefs opposing settlements in other cases challenging cookie-based surveillance. EPIC has long advocated against the use of cookies and other surveillance tools to track people online. EPIC continues to advocate for clear rules and restrictions on web tracking as companies replace cookies with new surveillance techniques that would do little to protect privacy online. (Mar. 22, 2021)
  • Court Approves FTC-Facebook Deal, But Says Data Protection Laws Need Updating: Despite objections from EPIC and other consumer groups, a federal judge has approved the Federal Trade Commission’s settlement with Facebook over the company’s alleged violations of the 2012 consent decree and the FTC Act. The court called Facebook’s alleged conduct “stunning,” “unscrupulous,” “shocking,” and “underhanded,” and even stated that it “might well have fashioned different remedies were it doing so out of whole cloth.” The court nevertheless approved the deal because of the “deferential” standard it felt bound to apply, but the court warned that, should the FTC accuse Facebook of further violations of the law, the court “may not apply quite the same deference to the terms of a proposed resolution.” EPIC had moved to intervene in the case and filed an amicus brief arguing that the deal imposes “few new obligations on the company that would limit the collection and use of personal data, nor will there be any significant changes in business practices.” The court denied EPIC’s motion to intervene but acknowledged that EPIC’s arguments as amicus “call into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information.” (Apr. 24, 2020)
  • More top news

  • EPIC Uncovers 3,156 More Facebook Complaints at FTC—Over 29,000 Now Pending (Sep. 22, 2019) +
    Through a Freedom of Information Act Request, EPIC has obtained thousands of new consumer complaints (part 1, part 2)against Facebook. The most recent documents, released to EPIC, follow the Commission’s proposed $5 b settlement in July. Among the complaints uncovered by EPIC are those from consumer groups and members of Congress. EPIC also obtained records of new complaints in the FTC’s Consumer Sentinel database. EPIC earlier uncovered 26,000 complaints against Facebook since the announcement of the 2011 consent order. EPIC is formally challenging the proposed settlement with Facebook, charging that the Commission has failed to investigate thousands of complaints against the company.
  • EPIC Pursues Intervention in FTC Facebook Case (Aug. 12, 2019) +
    EPIC has filed a reply brief in support of its motion to intervene in United States v. Facebook, a case concerning the proposed settlement between the Federal Trade Commission and Facebook. The Government and Facebook have sought to block EPIC's participation. EPIC pursued intervention to protect the interests of Facebook users and to ensure that pending complaints at the FTC were not ignored. EPIC told the court overseeing the case that the settlement "is not adequate, reasonable, or appropriate." In response to Facebook and the government, EPIC explained that the settlement is "arbitrary and capricious because the Commission seeks to grant Facebook immunity from any unlawful practices identified in prior consumer complaints, without addressing or even identifying the prior complaints." EPIC also argues that the FTC's failure to consider public comments on the settlement, as the agency is required to do under its own regulations, "denies EPIC and others the opportunity to submit comments on the consent agreement." An EPIC FOIA lawsuit uncovered more than 26,000 complaints against Facebook pending at the agency. In 2009, EPIC and other consumer privacy organizations filed the original complaint that created legal authority for the FTC to oversee Facebook's privacy practices. Many members of Congress, consumer organizations, and corporate law experts have opposed the proposed settlement, which was narrowly approved by the Commission, 3-2.
  • EPIC Challenges FTC-Facebook Settlement, Asks Court to Hear from Privacy Groups (Jul. 26, 2019) +
    EPIC has filed a Motion to Intervene in United States v. Facebook to protect the interests of Facebook users. The case concerns a proposed settlement between the FTC and Facebook. EPIC said the settlement "is not adequate, reasonable, or appropriate." EPIC also explained that the settlement would extinguish more than 26,000 consumer complaints against Facebook pending at the FTC. EPIC asked the court for an opportunity for EPIC and others to be heard before the settlement is finalized. EPIC filed the original complaint that created legal authority for the FTC to oversee Facebook. Back in 2011, EPIC also urged the Commission to require Facebook to restore the privacy settings of users, give users access to all of the data that Facebook keeps about them, stop making facial recognition profiles without users' consent, make the results of the government privacy audits public, and stop secretly tracking users across the web. Earlier this year, EPIC and others urged the FTC to pursue structural remedies, including the divestiture of WhatsApp. Many organizations and individuals have expressed concern about the proposed settlement, which was narrowly approved by the Commission, 3-2. More info at https://epic.org/privacy/facebook/epic2019-challenge/
  • BREAKING - FTC Issues Facebook Fine, EPIC - "Too little, too late." (Jul. 24, 2019) +
    The Federal Trade Commission announced today the first fine against Facebook since EPIC and a coalition of privacy organizations filed a complaint with the Commission about the company’s businesses practices back in 2009. In a 2011 consent order the FTC said it would bar Facebook "from making any further deceptive privacy claims.” But in the years that followed, the FTC failed to act even as complaints emerged about marketing to children, privacy settings, tracking users, gathering health data, and facial recognition. Earlier this year, EPIC determined that there were 26,000 complaints against Facebook pending at the Commission. EPIC President Marc Rotenberg said today, “The FTC’s action is too little, too late. American consumers cannot wait another decade for the Commission to act against a company that violates their privacy rights. Congress should move quickly to establish a data protection agency."
  • Court Rules D.C. Attorney General's Lawsuit Against Facebook Will Proceed (Jun. 3, 2019) +
    The D.C. Superior Court denied Facebook's motion to dismiss the complaint filed by D.C. Attorney General over the privacy practices that led to Cambridge Analytica. The D.C. Attorney General alleged that Facebook failed to monitor third-party use of personal data and failed to ensure users' data was deleted. The lawsuit seeks financial penalties, and an injunction to establish safeguards to protect users' data. The court ruled that the case could proceed because "District of Columbia residents' widespread utilization of, and repeated exchange of personal information through Facebook's online social networking service, constitute 'transactions.'" EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order. Facebook anticipates a $3-5 billion fine from the FTC.
  • Facebook Anticipates $3B-$5B Fine (Apr. 26, 2019) +
    According to news reports, Facebook has budgeted $3 billion for in its first-quarter earnings report, saying it expected the FTC to fine the company between $3-$5 billion. In January, EPIC and a coalition of consumer and civil rights groups sent a letter to the FTC calling on the Commission to enforce the order against Facebook by 1) imposing substantial fines; 2) establishing structural remedies; 3) requiring compliance with Fair Information Practices; 4) reforming hiring and management practices; and 5) restoring democratic governance. Also, EPIC's Freedom of Information Act request revealed that there are there are over 26,000 complaints pending against Facebook. In the eight years since the FTC announced the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order.
  • Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers (Mar. 7, 2019) +
    In a Senate Judiciary Committee hearing earlier this week, Senator Richard Blumenthal said that antitrust enforcers must consider unwinding anticompetitive mergers. “Over the past decade tech companies have in effect been given a free pass by antitrust regulators,” Senator Blumenthal said. "Facebook perhaps should never been allowed to acquire Instagram, Google to acquire DoubleClick. I have come to the conclusion that maybe post merger, some of these transactions should be challengeable, rarely done, but still challengeable, especially when the merger is approved on conditions that are then violated.” Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger.
  • EPIC, Open Markets, Civil Rights Groups Press FTC on Facebook Consent Order (Jan. 23, 2019) +
    EPIC joined a coalition of groups urging the FTC to issue strong penalties in Facebook matter. "Given that Facebook’s violations are so numerous in scale, severe in nature, impactful for such a large portion of the American public and central to the company’s business model, and given the company’s massive size and influence over American consumers, penalties and remedies that go far beyond the Commission’s recent actions are called for,” the letter stated. The groups said the FTC should 1) impose substantial fines; 2) establish structural remedies; 3) require compliance with Fair Information Practices; 4) reform hiring and management practices; and 5) restore democratic governance.
  • Senators Urge FTC to Act Against Facebook (Jan. 18, 2019) +
    In a letter to the Federal Trade Commission, Senators Ed Markey and Richard Blumenthal pushed the Commission to take swift action against Facebook, despite the government shutdown. "While we have repeatedly expressed concerns about the pace of this investigation, we fear that the current government shutdown further threatens the FTC's ability to complete this investigation," the Senators wrote. "When Americans' privacy is breached, they deserve a speedy and effective response." The letter comes nearly ten months after the FTC announced it would reopen an investigation into Facebook after EPIC's urging. Since then, EPIC has urged the Commission to act and has repeatedly highlighted Facebook's violations of the 2011 consent order in statements to Congress. The 2011 consent order followed an extensive complaint filed by EPIC and a coalition of consumer privacy organizations in 2009.
  • In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites (Dec. 7, 2018) +
    In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.
  • Facebook's Response to Congress Provides More Evidence of Consent Order Violations (Jul. 2, 2018) +
    Late Friday afternoon, Facebook submitted over 700 pages of responses to questions from members of Congress following Mark Zuckerberg's testimony in April. Facebook has now admitted that it provided developers and device makers access to personal data despite publicly stating that it had discontinued the practice. In April EPIC submitted a detailed letter to Congress, explaining that the Cambridge Analytica breach could have been avoided if the FTC had enforced the 2011 Consent Order. That Consent Order was the result of extensive complaints EPIC and consumer organizations filed with the FTC in 2009 and 2010. In March, the Acting Director of the FTC stated "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."
  • EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices (Jun. 27, 2018) +
    EPIC has filed an amicus brief with the Ninth Circuit Court of Appeals in In re: Facebook, Inc. Internet Tracking Litigation. At issue is whether Facebook violated the privacy rights of users by tracking their web browsing even after they logged out of the platform. EPIC explained that cookies "no longer serve the interests of users" and instead "tag, track, and monitor users across the Internet." EPIC said a lower court wrongly concluded that users should develop countermeasures to assert their privacy rights. EPIC responded that it would be absurd to expect users to compete in a "technical arms race" when "Facebook's tracking techniques are designed to escape detection and the company routinely ignores users' privacy protections." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.
  • US Consumer Groups Urge FTC To Examine 'Deceived by Design' Practices (Jun. 27, 2018) +
    EPIC and a coalition of consumer organizations sent a letter to the FTC about recent tactics by Facebook and Google to trick users into disclosing personal data. "We urge you to investigate the misleading and manipulative tactics of the dominant digital platforms in the United States, which steer users to 'consent' to privacy-invasive default settings," the letter states. The letter highlights a report by the Norwegian Consumer Council entitled "Deceived by Design," which details how companies employ numerous tricks and tactics to nudge users into selecting the least privacy-friendly options. EPIC and consumer privacy organizations previously filed complaints with the FTC when Facebook undermined users' privacy settings and Google automatically opted users into Google Buzz. In both cases, the FTC determined that the companies had engaged in "unfair and deceptive trade practices." Both Facebook and Google settled with the FTC and were then subject to 20 year consent orders that were intended to prevent the companies from engaging in similar practices in the future.
  • At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order (Jun. 19, 2018) +
    In a Senate Commerce Committee hearing today on Facebook and data privacy, former FTC CTO Ashkan Soltani stated that Facebook violated the 2011 FTC Consent Order by transferring personal data to Cambridge Analytica and device makers contrary to user privacy expectations. Soltani said that Facebook continued to misrepresent the extent to which users could control their privacy settings and allowed device makers to override users' privacy settings. Senator Blumenthal and other members of Congress had previously said the company violated the Consent Order, which was the result of complaints filed by EPIC in 2009 and 2010. In a statement to the Committee in advance of the hearing, EPIC urged the Senate to focus on the FTC's failure to enforce the Consent Order with Facebook.
  • EPIC Urges Senate Committee to Focus on Consent Order with Facebook (Jun. 19, 2018) +
    EPIC has sent a statement to the Senate Commerce Committee outlining the FTC's failure to enforce the 2011 Consent Order with Facebook. The statement from EPIC is for a hearing on "Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks." In 2009, EPIC and several consumer groups pursued a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook's data practices. The FTC established a Consent Order in 2011, but failed to enforce the Order even after EPIC sued the agency in a related matter. In the statement to the Senate this week, EPIC contends that the FTC could have prevented the Cambridge Analytica debacle and Facebook's secret arrangements with device makers if the agency enforced the 2011 Order.
  • Facebook Overrode Users’ Privacy Settings And Allowed Device Makers To Access Personal Data (Jun. 5, 2018) +
    Facebook had secret arrangements with at least 60 device makers granting them access to users' personal data, according to a report by the New York Times. Facebook overrode users privacy settings to allow companies to access sensitive information that users' had explicitly set to private. These arrangements directly contradict Facebook's previous statements that it cut off third party access to user data in 2015. Facebook is already under FTC investigation for violating a 2011 Consent Order that EPIC and consumer privacy organizations obtained. The Order bars Facebook from disclosing data to third parties without explicit consent. EPIC recently urged the FTC to enforce the Consent Order following revelations that Facebook allowed Cambridge Analytica to access the data of 87 million users. In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."
  • EPIC Obtains Partial Release of 2017 Facebook Audit (Apr. 20, 2018) +
    EPIC has obtained a redacted version of the 2017 Facebook Assessment required by the 2012 Federal Trade Commission Consent Order. The Order required Facebook to conduct biennial assessments from a third-party auditor of Facebook's privacy and security practices. In March, EPIC filed a Freedom of Information Act request for the 2013, 2015, and 2017 Facebook Assessments as well as related records. The 2017 Facebook Assessment, prepared by PwC, stated that "Facebook's privacy controls were operating with sufficient effectiveness" to protect the privacy of users. This assessment was prepared after Cambridge Analytica harvested the personal data of 87 million Facebook users. In a statement to Congress for the Facebook hearings last week, EPIC noted that FTC Commissioners represented that the Consent Order protected the privacy of hundreds of millions of Facebook users in the United States and Europe.
  • Senator Blumenthal Calls On FTC To Enforce Consent Order Against Facebook (Apr. 20, 2018) +
    Senator Richard Blumenthal (D-CT) has called for "monetary penalties that provide redress for consumers and stricter oversight" in a letter to the Federal Trade Commission. Senator Blumenthal focused on the FTC's 2011 Consent Order that EPIC, and a coalition of consumer groups obtained, after preparing a detailed complaint in 2009. Referring to the Cambridge Analytica scandal, Senator Blumenthal wrote that "three of the FTC's claims concerned the misrepresentation of verification and privacy preferences of third-party apps." Senator Blumenthal also raised questions about the FTC's monitoring of the consent order, noting that "even the most rudimentary oversight would have uncovered these problematic terms of service." And the Senator stated, "The Cambridge Analytica matter also calls into question Facebook's compliance with the consent decree's requirements to respect privacy settings and protect private information." EPIC and other consumer groups recently urged the FTC to reopen the investigation. The FTC has confirmed that an investigation of Facebook is now underway.
  • EPIC Urges Senate to Focus on FTC Consent Order with Facebook (Apr. 9, 2018) +
    In advance of a joint hearing about Facebook's failure to protect the personal data of users, EPIC has sent a comprehensive statement to the Senate Committee on the Judiciary and the Senate Committee on Commerce. EPIC is urging the Senators to focus on the 2011 Consent Order between Facebook and the Federal Trade Commission. In 2009, EPIC and a coalition of consumer groups presented the FTC with a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook. The FTC adopted a Consent Order in 2011, based on EPIC's Complaint, but failed to enforce the Order even after EPIC sued the agency in a related matter. In numerous comments to the FTC, EPIC and others urged the FTC to enforce its consent order. In the statement to the Senate this week, EPIC contends that the Cambridge Analytica debacle could have been prevented if the FTC enforced the Order.
  • UPDATE - EPIC, Consumer Groups Urge FTC to Investigate Facebook's Use of Facial Recognition (Apr. 6, 2018) +
    EPIC and a coalition of consumer groups have filed a complaint with the FTC, charging that Facebook's use of facial recognition techniques threaten user privacy and "in multiple ways" violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." In 2011 EPIC and consumer groups urged the FTC to investigate Facebook’s facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques." EPIC President Marc Rotenberg said today, "Facebook should suspend further deployment of facial recognition pending the outcome of the FTC investigation."
  • EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook's Use of Facial Recognition (Apr. 5, 2018) +
    EPIC and a coalition of consumer groups will file a complaint with the FTC on Friday charging that Facebook's use of facial recognition techniques threaten user privacy and violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." The FTC has confirmed that an investigation is now underway. The FTC said, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements." Facebook CEO Mark Zuckerberg will testify next week before the Senate Judiciary Committee and the House Commerce Committee. In 2011 EPIC urged the FTC to investigate Facebook's facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques."
  • State AGs Launch Facebook Investigation (Mar. 26, 2018) +
    A bipartisan group of 37 State Attorneys General is investigating Facebook's business practices and lack of privacy protections. "Businesses like Facebook must comply with the law when it comes to how they use their customers' personal data," Pennsylvania Attorney General Josh Shapiro said. "State Attorneys General have an important role to play in holding them accountable." The Federal Trade Commission also announced today that it is investigating Facebook. Senate Judiciary Chairman Grassley has also said there will be hearings on the Facebook matter when Congress returns.
  • FTC Confirms Investigation Into Facebook about 2011 Consent Order (Mar. 26, 2018) +
    The Federal Trade Commission has confirmed an investigation into Facebook for the company's failure to protect the personal data obtained by Cambridge Analytica. Facebook likely violated the FTC's 2011 Consent Order with the company. Last week, EPIC and a coalition of consumer organizations urged the FTC to reopen the investigation. EPIC and other consumer organizations brought the complaint that led to the FTC's 2011 Order. Thomas Pahl, the Acting Director of the FTC's Bureau of Consumer Protection stated today, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent article for Techonomy, EPIC President Marc Rotenberg emphasized that "the transfer of 50 million user records to the controversial data mining and political consulting firm could have been avoided if the Federal Trade Commission had done its job."
  • EPIC FOIAs FTC, Seeks Facebook's Privacy Assessments (Mar. 20, 2018) +
    EPIC has submitted an urgent Freedom of Information Act request to the Federal Trade Commission, seeking the privacy assessments required by the FTC's 2012 Consent Order. Facebook is required to produce independent privacy assessments every two years for the next 20 years. Each assessment should "identify Facebook's privacy controls maintained during the reporting period, explain the appropriateness of these controlsin relation to Facebook's activities and sensitivity of information, as well as explain how these controls meet or exceed the protections" required in the 2012 Consent Order. Facebook is also required to identify an independent privacy auditor, approved by the FTC. EPIC previously obtained the 2012 Initial Compliance Report as well as the 2013 Initial Assessment through an earlier FOIA request. EPIC is now seeking the 2015 and 2017 reports which cover the period for the data transfers to Cambridge Analytica.
  • EPIC, Consumer Groups Urge FTC To Investigate Facebook (Mar. 20, 2018) +
    In a statement issued today, EPIC and a coalition of consumer groups have called on the Federal Trade Commission to determine whether Facebook violated a 2011 Consent Order when it facilitated the transfer of personal data of 50 million Facebook users to the data mining firm Cambridge Analytica. The groups had repeatedly urged the FTC to enforce its own legal judgements. EPIC even sued the agency in 2012 for its failure to enforce a consent order against Google. "The FTC's failure to act imperils not only privacy but democracy as well," the groups warned. Between 2009 and 2011 EPIC and other consumer groups undertook extensive work to document Facebook's privacy abuses that led to the consent order in 2011.
  • Facebook "Breach" Highlights Failure of FTC to Enforce Consent Orders (Mar. 19, 2018) +
    In 2009, EPIC and a coalition of US consumer privacy organizations petitioned the Federal Trade Commission to establish comprehensive privacy safeguards after Facebook changed user privacy settings and secretly transferred user data to third parties. In 2011, the FTC agreed with the privacy groups and established a far-reaching settlement with the company, that prevented such disclosures, prohibited deceptive statements, and required annual reporting. But the FTC failed to enforce its consent order, even after EPIC sued the agency and consumer groups repeatedly urged the Commission to act. This weekend the Washington Post and the New York Times reported that Facebook disclosed the personal data of 50 million users without their consent to Cambridge Analytica, the controversial British data mining firm that sought to influence the 2016 presidential election.
  • EPIC Offers Recommendations for Future of FTC Ahead of Senate Hearing on Nominees (Feb. 13, 2018) +
    In advance of a Senate hearing on four nominees to the Federal Trade Commission, EPIC recommended 10 steps for the FTC to safeguard American consumers. EPIC explained that the FTC's failure to address the data protection crisis has contributed to unprecedented levels of data breach and identity theft in the United States. EPIC helped establish the FTC's authority for consumer privacy and has urged the FTC to safeguard American consumers in cases involving Microsoft, Google, Facebook, Uber, Samsung and others. EPIC also filed a lawsuit against the FTC when it failed to enforce a consent order against Google.
  • EPIC Calls for Greater FTC Enforcement (Sep. 28, 2017) +
    In advance of a Senate Commerce hearing on consumer privacy, EPIC called for more action by the Federal Trade Commission to protect American consumers. In a statement for the Committee, EPIC said that "the FTC is simply not doing enough to safeguard the personal data of American consumers." EPIC explained that "the FTC's privacy framework - based largely on 'notice and choice' - is simply not working." EPIC also warned that consumers "face unprecedented threats of identity theft, financial fraud, and security breach." EPIC has fought for consumer privacy rights at the FTC for more than two decades, filing landmark complaints about privacy violations by Uber, Microsoft, Facebook, Google, and even suing the Commission when it has failed to enforce its own orders.
  • EPIC Urges Public Comments on FTC Settlement with Uber (Sep. 6, 2017) +
    EPIC is urging the public to comment on the proposed FTC settlement with Uber regarding consumer privacy. (Federal Register Notice). The FTC settlement follows EPIC's 2015 complaint, which detailed Uber's secretive tracking of customers and surreptitious collection of user data. The proposed settlement requires regular privacy audits of Uber by third parties but fails to make substantial changes in the companies business practices or require the company to delete the personal data that was wrongfully obtained. The deadline to file a comment with the FTC is September 15, 2017. The FTC is required to consider public comments before finalizing a proposed settlement. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC also recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • Following EPIC Complaint, Uber Agrees To Stop Tracking Riders (Aug. 29, 2017) +
    Uber has ended the practice of tracking customers before and after they are picked up. In 2015, Uber announced the company would track the location of riders from the time they ordered a ride until after they had reached their destination. EPIC promptly filed a complaint with the FTC and stated that "This collection of user's information far exceeds what customers expect from the transportation service." The end to Uber's tracking of riders comes two weeks after Uber entered into a consent agreement with the FTC following a complaint filed EPIC that highlighted Uber's history of misusing customer data. But EPIC said the FTC settlement does not go far enough. "The FTC should have imposed stronger sanctions on Uber, required the company to disgorge the personal data it had unlawfully obtained, and required the company to restore the original privacy settings," said EPIC President Marc Rotenberg. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • After EPIC Privacy Complaint, Uber Settles with FTC (Aug. 15, 2017) +
    After an EPIC complaint about Uber's privacy practices, Uber has entered into a consent agreement with the FTC. The agreement prohibits Uber from misrepresenting how it monitors or secures consumer information. As with most FTC privacy settlements, the agreement also requires Uber to implement a comprehensive privacy program and obtain periodic independent third-party audits. In 2015, EPIC filed a complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details was an unlawful and deceptive trade practice. EPIC cited Uber's history of misusing customer data as one of many reasons the Commission should act. EPIC has previously pursued successful FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • Rep. Blackburn Proposes Online Privacy Bill, Would Preempt Stronger State Protections (May. 19, 2017) +
    Rep. Marsha Blackburn (R-TN) has introduced the The Browser Act, H.R. 2520, aimed at protecting online privacy. The Browser Act would apply to Internet ISPs as well as Internet companies, such, as Google and Facebook, and would generally require "opt-in" consent before sensitive information could be collected or disclosed. However, the bill lacks a private right of action or a remedy for violations. The bill gives enforcement authority to the FTC which has mostly failed to protect consumers online privacy. The bill lacks data breach notification, and would overwrite stronger state privacy laws that protect consumers. In comments to the FCC and elsewhere, EPIC has set out a comprehensive framework for online privacy.
  • EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act (Aug. 29, 2016) +
    EPIC and the Center for Digital Democracy have filed a complaint with the FTC concerning WhatsApp’s plan to transfer user data, including personal phone numbers, to Facebook. This reversal contradicts WhatsApp’s previous promises to users that their personal information would not be disclosed and would not be used for marketing purposes. EPIC said that WhatsApp change in business practices is unlawful and that the FTC is obligated to act. EPIC previously filed a complaint with the FTC over Facebook’s acquisition of WhatsApp in 2014. In response, the FTC warned the two companies they must honor their privacy promises to users. The FTC has said "When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up these promises."
  • With New Policy Changes, Facebook Tracks Users Across the Web (Feb. 4, 2015) +
    Over the objections of consumer privacy organizations, Facebook has implemented policy changes that allow the company to track users across the web without consent. The Dutch data protection commissioner launched an investigation after the original announcement. This week the a German privacy agency announced a similar investigation. Last year, EPIC and a coalition of consumer privacy groups urged the FTC to halt Facebook's plan to collect web-browsing information from its users. Facebook is already under a 20 year consent decree for changing users' privacy settings. The consent decree resulted from complaints brought by EPIC and others in 2009 and 2010.
  • Facebook Revises Privacy Policy (Dec. 5, 2014) +
    Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent. The use of location data has expanded dramatically. "We collect information from or about the computers, phones, or other devices where you install or access our Services," states Facebook. These include "device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals." Facebook is currently under a 20 year consent decree with the Federal Trade Commission as a consequence of a complaint brought by EPIC and coalition of consumer privacy organizations when the company changed the privacy settings of users. More recently consumer organizations in the US and Europe have objected to Facebook's decision to track the web activities of users and to profile offline purchase. Privacy groups have also objected to Facebook's manipulation of user news feeds. For more information, see EPIC: Facebook and EPIC: In re Facebook.
  • Facebook Responds to EPIC Complaint About "Emotions Study" (Oct. 2, 2014) +
    Facebook has announced revised guidelines concerning user data the company discloses to researchers. In 2012, Facebook subjected 700,000 users to an "emotional" test by manipulating their News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In response, EPIC filed a formal complaint to the Federal Trade Commission. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has also asked the FTC to require that Facebook make public the News Feed algorithm. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy, as a result of complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. The new guidelines have improved Facebook's research process, but they still raise questions about human subject testing by advertising companies. EPIC still believes the NewsFeed algorithm should be made public. For more information, see EPIC: In re: Facebook (Psychological Study) and EPIC: Federal Trade Commission.
  • European Facebook Users Privacy Lawsuit Moves Forward (Aug. 26, 2014) +
    A group of over 25,000 European Facebook users may proceed with their lawsuit against Facebook. The users, led by privacy activist Max Schrems, sued Facebook in a court in Vienna. The users charge Facebook with violating EU privacy law by improperly handling users' data. Now that the court has approved the class action suit, Facebook must respond to the complaints. In 2011, Schrems brought a similar lawsuit against Facebook in an Irish court. In the same year, Facebook signed a consent order with the Federal Trade Commission, following a complaint filed by EPIC and a group of American consumer privacy organizations. EPIC has also filed an amicus brief in a federal class action lawsuit, opposing Facebook's use of children's images for advertising purposes. In 2013, EPIC gave the International Privacy Champion Award to Max Schrems, calling him "an innovative and effective spokesperson for the right to privacy." For more information, see EPIC: In re Facebook.
  • Following EPIC Complaint, Senator Seeks Investigation of Facebook User Manipulation Study (Jul. 17, 2014) +
    Senator Mark Warner has asked the Federal Trade Commission to investigate the legality of Facebook's emotional manipulation study. In a letter to the Commission, Senator Warner stated that "it is not clear whether Facebook users were adequately informed and given an opportunity to opt-in or opt-out." He asked the FTC to conduct an investigation to see "if this 2012 experiment violated Section 5 of the FTC Act or the 2011 consent agreement with Facebook," two issues raised in EPIC's earlier complaint. "The company purposefully messed with people's minds," wrote EPIC in a complaint to the Commission. EPIC charged that Facebook violated a consent decree that required the company to respect user privacy and also engaged in a deceptive trade practice. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.
  • EPIC Challenges Facebook's Manipulation of Users, Files FTC Complaint (Jul. 3, 2014) +
    EPIC has filed a formal complaint to the Federal Trade Commission concerning Facebook's manipulation of users' News Feeds for psychological research. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has charged that the study violates a privacy consent order and is a deceptive trade practice. In 2012, Facebook subjected 700,000 users to an "emotional" test with the manipulation of News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In the complaint, EPIC explained that Facebook's misuse of data is a deceptive practice subject to FTC enforcement. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.
  • EPIC Urges FTC to Protect Snapchat Users' Privacy (Jun. 10, 2014) +
    EPIC has submitted comments to the Federal Trade Commission, urging the agency to require Snapchat to safeguard consumer privacy. Following a 2013 EPIC complaint, the FTC signed a consent order with Snapchat, the publisher of a mobile app that encourages users to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever," but that was false. As EPIC explained, "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." EPIC expressed support for the findings in the proposed FTC Settlement with Snapchat. But EPIC recommended that the FTC require Snapchat to implement the Consumer Privacy Bill of Rights and make Snapchat's independent privacy assessments publicly available. EPIC pursued similar claims involving false promises about data deletion with AskEraser. EPIC has also made similar recommendation for other proposed FTC consumer privacy settlements. For more information, see EPIC: In re Google, EPIC: In re Facebook, and EPIC: FTC.
  • Federal Trade Commission Urges Court to Protect Student Privacy (May. 29, 2014) +
    The Federal Trade Commission is opposing the sale of student data in a bankruptcy proceeding for ConnectEDU. The company privacy policy promises it will give students "reasonable notice and an opportunity to remove personally identifiable information" from its website. The FTC said that the sale of student information "without reasonable notice to users and an opportunity to remove personal information would contradict the privacy statements originally made to users." The FTC letter also cites consent agreements with Snapchat, Google, and Facebook. Each of these consent orders was a result of an EPIC FTC complaint. Last year, EPIC filed an extensive complaint concerning Scholarships.com's business practices. The company encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. For more information, see EPIC: Student Privacy, EPIC: In re Google Buzz, EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • EU Court Rules Google Must Respect Right to Delete Links (May. 13, 2014) +
    The European Court of Justice has upheld the "right to be forgotten" and ruled that Google must delete links upon request concerning private life. The Court also determined that companies are subject to the EU Data Protection Directive and that jurisdiction extends to companies that set up a branch in an EU state. The Court said that since privacy is a fundamental right, it overrules the economic interests of the company and the public interest in access to the information. However this is not the case concerning one's activity in public life. EPIC has broadly supported the privacy rights of Internet users and the specific right to "expunge" information held by commercial firms. For more information, see EPIC - In re Facebook, EPIC - Expungement, and EPIC - G.D. v. Kenny.
  • EPIC's Snapchat Privacy Complaint Results in 20-Year FTC Consent Order (May. 8, 2014) +
    Following a 2013 EPIC complaint, the FTC has signed a consent order with Snapchat, the publisher of a mobile app that encourages user to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever." However, the images could be retrieved by others. As EPIC wrote in the complaint "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." In announcing the settlement, FTC Chairwoman Edith Ramirez said, "If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action." Under the settlement, Snapchat will be subject to 20 years of privacy audits, and will be prohibited from making false claims about its privacy policies. EPIC pursued similar claims involve false promises about data deletion with AskEraser. The FTC will be accepting Public Comments on the proposed Snapchat consent order. For more information, see EPIC: In re Google, EPIC: In re Facebook and EPIC: FTC.
  • FTC Responds to EPIC Complaint on WhatsApp and Privacy (Apr. 10, 2014) +
    The Federal Trade Commission has notified Facebook and WhatsApp that they must honor their privacy commitments to users. According to the letter from the Director of the FTC Bureau of Consumer Protection, "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook." The FTC letter followed a detailed complaint from EPIC and CDD concerning the privacy implications of the $19B sale to Facebook. WhatsApp had assured users of strong privacy safeguards prior to the sale. The FTC letter concludes "hundreds of millions of users have entrusted their personal information to WhatsApp. The FTC staff continue to monitor the companies' practices to ensure that Facebook and WhatsApp honor the promises they have made to those users." For more information, see EPIC: In re: WhatsApp, EPIC: In re: Facebook and EPIC: Federal Trade Commission.
  • Federal Trade Commission Backs Users in Facebook Privacy Case (Mar. 21, 2014) +
    The FTC has filed an amicus brief in a case before a federal appeals court concerning Facebook users. If a controversial settlement is approved, Facebook will display the images of users, including young children, in Facebook advertising without consent. Several Facebook users formally objected to the plan, arguing that it would violate state laws. A children's advocacy organization also objected, stating that the "settlement is actually worse than no settlement." The FTC brief explains that state privacy laws do prevent the display of children's images without consent. EPIC also filed an amicus brief in support of the users, explaining that the settlement is unfair and should be rejected. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.
  • WhatsApp Founder Responds to EPIC Privacy Complaint (Mar. 18, 2014) +
    Following Facebook's announced plan to purchase WhatsApp, a popular pro-privacy messaging services, EPIC urged the FTC to block the acquisition. EPIC explained to the Commission that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. WhatsApp founder Jan Koum has now published a blog post in response to the EPIC Complaint. Koum wrote, "Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal." He added, "Make no mistake: our future partnership with Facebook will not compromise the vision that brought us to this point." For more information, see EPIC: In re WhatsApp, EPIC: Federal Trade Commission, and EPIC: In re Facebook.
  • EPIC Urges FTC Investigation of WhatsApp Sale to Facebook (Mar. 6, 2014) +
    EPIC has filed a complaint to the Federal Trade Commission concerning Facebook's proposed purchase of WhatsApp. WhatsApp is a messaging service that gained popularity based on its strong pro-privacy approach to user data. WhatsApp currently has 450 million active users, many of whom have objected to the proposed acquisition. Facebook regularly incorporates data from companies it has acquired.The Federal Trade Commission has previously responded favorably to EPIC complaints concerning Google Buzz, Microsoft Passport, Changes in Facebook Privacy Settings, and Choicepoint security practices. However, the FTC approved Google's acquisition of Doubleclick over EPIC's objection. Facebook is currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy and to comply with the US-EU Safe Harbor guidelines. For more information, see EPIC: In re Google Buzz, EPIC: Microsoft Passport, EPIC: In re Facebook, and Privacy? Proposed Google/DoubleClick Merger.
  • EPIC Files Amicus Brief in Facebook Consumer Privacy Case, Urges Rejection of Settlement (Feb. 21, 2014) +
    EPIC has filed a amicus brief urging a federal appeals court to overturn a controversial consumer privacy settlement. If the Fraley v. Facebook settlement is approved, Facebook will display the images of Facebook users, including young children, for commercial endorsement without consent. Facebook users opposed "Sponsored Stories" and several have formally objected to the settlement, including a children's advocacy organization which said that the "settlement is actually worse than no settlement." The MacArthur Foundation also withdrew stating it should not have been designated to receive funds. EPIC's amicus brief in support of the objectors explains that the settlement is unfair to Facebook users and should be rejected. EPIC also notes that Chief Justice Roberts expressed concerns about a similar privacy settlement involving Facebook. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.
  • Instagram Retreats on Changes to Terms of Service, Cites User Opposition (Dec. 21, 2012) +
    Instagram announced that it would withdraw proposed changes to its terms of service announced earlier this week. Instagram backed off a plan to use the names, images, and photos of users for advertising purposes, pleading instead to "complete our plans, and then come back to our users and explain how we would like for our advertising business to work." Instagram's parent company, Facebook, is bound by the terms of a settlement with the Federal Trade Commission, initiated in 2009 by EPIC and other consumer privacy organizations, that prohibits the company from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. A recent letter to Facebook CEO Mark Zuckerberg from EPIC and the Center for Digital Democracy warned that Facebook's proposed changes would adversely affect Instagram users. For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: FTC.
  • Facebook Updates Privacy Controls, Removes Profiles Safeguard (Dec. 13, 2012) +
    Facebook announced changes to its privacy controls and the privacy settings of its users. The changes include settings that allow users to choose which information apps can access and disclose, and a privacy shortcuts menu. But Facebook also removed an option that allowed users to hide themselves from strangers through Facebook’s search function. The changes follow an election conducted by Facebook in which 88 percent of voters opposed changing the privacy policy and voting rights of users. EPIC previously wrote to the Federal Trade Commission regarding the blanket disclosure features of certain apps and the proposal to end the voting part of the site governance process Facebook. Facebook is currently subject to a settlement with the FTC over privacy violations. For more information, see EPIC: Facebook and EPIC: In re Facebook.
  • Judge Rejects Settlement in Facebook "Sponsored Stories" Case (Aug. 21, 2012) +
    A federal judge has rejected a proposed settlement in a class-action lawsuit about Facebook's unapproved use of user images for advertising purposes. The judge, who had previously expressed skepticism about the terms of the settlement, wrote that the plaintiffs had not justified the lack of direct monetary payments to Facebook users, nor had they explained how users will receive an economic benefit from being able to opt out of future endorsements. EPIC and several consumer privacy organizations opposed the settlement, saying that there was little benefit to Facebook users and that the cy pres allocation was not aligned with the interests of the class. In 2009 and 2010 EPIC and a coalition of consumer privacy organizations brought a successful complaint to the Federal Trade Commission that resulted in a significant consent order. In a letter to the court following the recent court order, EPIC explained that the FTC settlement had produced far greater benefits for Facebook users. For more information, see EPIC: In re Facebook.
  • FTC Finalizes Settlement with Facebook (Aug. 10, 2012) +
    The Federal Trade Commission has finalized the terms of a settlement with Facebook first announced in November of 2011. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC recommended strengthening the settlement by requiring Facebook to restore the privacy settings users had in 2009; giving users access to all of the data that Facebook keeps about them; preventing Facebook from creating facial recognition profiles without users’ consent; and publicizing the results of the government privacy audits. Although the FTC decided to adopt the settlement without any modifications, in a response to EPIC, the Commission said that facial recognition data is included within the settlement's definition of "covered information," that the audits would be publicly available to the extent permitted by law, and that the terms of the settlement "are broad enough to address misconduct beyond that expressly challenged in the complaint." Commissioner Rosch dissented from the final settlement, citing concerns that the provisions might not adequately cover deceptive statements made by Facebook apps. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • Judge Skeptical of Facebook Settlement (Aug. 3, 2012) +
    At a preliminary hearing on a proposed settlement involving Facebook "sponsored stories," Judge Seeborg expressed skepticism about the deal, wondering if there was any actual benefit to Facebook users. The deal, which had been endorsed by some groups funded by Facebook, was opposed by EPIC and several consumer privacy organizations. In 2009, EPIC and a coalition of consumer privacy organizations brought a successful complaint to the FTC that resulted in a significant consent order. For more information, see In re Facebook.
  • Facebook Timeline Changes User Privacy Settings. Again. (Dec. 15, 2011) +
    Without user consent, Facebook announced today that it would post archived user information, making old posts available under Facebook's current downgraded privacy settings. Users have just a week to clean up their history before Timeline goes live. The surprising announcement follows a recent decision by the Federal Trade Commission which found that the company had engaged in "unfair and deceptive" trade practices when it changed the privacy settings of its users. EPIC initiated that complaint and is now urging FB users to submit comments to strengthen the proposed settlement. For more information, see EPIC - In Re Facebook and EPIC - Facebook and Privacy.
  • Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint (Nov. 29, 2011) +
    The Federal Trade Commission has announced an agreement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. In 2009, the EPIC first asked the FTC to investigate Facebook's decision to change its users' privacy settings in a way that made users' personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook’s business partners. The violations are also detailed in the FTC’s 8-count complaint against the company. The proposed settlement agreement bars Facebook from making future changes privacy settings without the affirmative consent of users and requires the company to implement a comprehensive privacy protection program and submit to independent privacy audits for 20 years. The settlement does not adopt EPIC's recommendation that Facebook restore users' privacy settings to pre-2009 levels. Facebook CEO Mark Zuckerberg reacted to the settlement in a post on Facebook's blog, saying that he was "first to admit that we've made a bunch of mistakes." For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • FTC Releases Agenda for Facial Recognition Workshop (Nov. 22, 2011) +
    The Federal Trade Commission has announced the agenda and panelists for a workshop exploring the privacy and security issues raised by the increased use of facial recognition technology. The workshop will be held December 8, 2011 at the FTC Conference Center, and will feature diverse panelists with consumer protection, privacy, business, international, and academic backgrounds. EPIC Senior Counsel John Verdi will speak on the panel "Facial Detection & Recognition: Exploring the Policy Implications." EPIC has a complaint pending before the FTC over Facebook's use of facial recognition technology to build a secret database of users' biometric data and to enable the company to automatically tag users in photos. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • WSJ: Facebook Close to Settlement with FTC over EPIC Complaint (Nov. 10, 2011) +
    The Wall Street Journal reports that the Federal Trade Commission is finalizing a settlement with Facebook that follows from a complaint from EPIC and a coalition of US consumer and privacy organizations. In 2009, the organizations urged the Commission to investigate Facebook's decision to change its users' privacy settings which made the personal information of Facebook users more widely available to Facebook's business partners and the public. According to the Wall Street Journal, the settlement would require Facebook to obtain "express affirmative consent" if Facebook makes "material retroactive changes," and to submit to independent privacy audits for 20 years. For more information, see EPIC: In re Facebook, EPIC: Facebook Privacy and EPIC: Federal Trade Commission.
  • Sen. Rockefeller Requests FTC Report on Facial Recognition Technology (Oct. 20, 2011) +
    Senator John D. Rockefeller (D-WV) sent a letter requesting that the Federal Trade Commission assess the use of facial recognition technology and recommend legislation to protect privacy. Facial recognition technology is being used by technology firms and also police agencies, which has raised civil liberties concerns. The letter cited mobile applications such as SceneTap, which "tracks the male/female ratio and age mix of the crowd [in bars]" and digital advertising at the Venetian Resort in Las Vegas that tailors ads to the person standing in front of the display based on recognition of that person’s age and gender. The FTC will hold a workshop on facial recognition technology on December 8, 2011. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, and EPIC: Facial Recognition.
  • Facebook Makes Some Changes, Privacy Complaints Still Pending (Aug. 29, 2011) +
    In response to several complaints filed by EPIC with the Federal Trade Commission, Facebook announced that it would make some changes in its business practices, including providing more accurate information about the disclosure of user data to others and new safeguards for photo tagging. EPIC, along with several privacy organizations, filed several complaints with the FTC about FB's automated tagging of users, changes in Privacy settings, and transfers of personal data, stating that Facebook's practices were "unfair and deceptive." Facebook's recent actions address some but not all of the issues raised by the consumer organizations. The complaint at the FTC are still pending. For more information see EPIC: Facebook Privacy.
  • Facebook Makes Changes to Facial Recognition; Still Relying on Opt-Out (Jul. 27, 2011) +
    In response to a letter from the Connecticut Attorney General, Facebook agreed to run ads that link users to their privacy settings and show them how to opt-out of Facebook's facial recognition program. The ads are new, but Facebook has failed to implement an opt-in model for its facial recognition technology. EPIC, along with several other organizations, filed a complaint with the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices regarding biometric data collection. EPIC urged the FTC to require Facebook to suspend the program pending a full investigation. EPIC also urged the Commission to require Facebook to establish stronger privacy safeguards and an opt-in regime for the facial recognition scheme. For more information, see EPIC: In re Facebook and the Facial Identification of Users.
  • Congressman Markey Commends EPIC, Privacy Groups for Filing Facebook Complaint (Jun. 14, 2011) +
    Congressman Ed Markey today expressed support for the complaint filed last week by EPIC and privacy groups concerning Facebook's new scheme for online tagging. In a published statement, Congressman Markey said, "The Federal Trade Commission should investigate this important privacy matter, and I commend the consumer groups for their filing. When it comes to users’ privacy, Facebook’s policy should be: 'Ask for permission, don’t assume it.' Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong. I encourage the FTC to probe this issue and will continue to closely monitor this issue." EPIC and consumer groups now have several complaints regarding Facebook pending at the FTC. For more information, see EPIC - In re Facebook and EPIC - In re Facebook II, and EPIC - Facebook and Privacy.
  • EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques (Jun. 10, 2011) +
    Today EPIC, and several privacy organizations, filed a complaint with the Federal Trade Commission about Facebook's automated tagging of Facebook users. EPIC alleged that the service was unfair and deceptive and urged the FTC to require Facebook to suspend the program, pending a full investigation, the establishment of stronger privacy standards, and a requirement that automated identification, based on user photos, require opt-in consent. EPIC alleged that "Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook." EPIC warned that "absent injunctive relief by the Commission, Facebook will likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control." EPIC has previously filed two complaints with the Commission regarding Facebook. For more information see EPIC: Facebook Privacy.
  • Facebook Resumes Plan to Disclose User Home Addresses and Mobile Phone Numbers (Mar. 2, 2011) +
    Facebook indicated in a letter to Rep. Markey (D-MA) and Rep. Barton (R-TX) that it will go forward with a proposal to provide users' addresses and mobile phone numbers to third-party application developers. The Congressman earlier expressed concern about the proposal. Facebook also wrote that it may disclose the home addresses and mobile numbers of minors who use the social networking service. Facebook suspended the plan after EPIC and others objected. EPIC and several consumer organizations have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In re Facebook, EPIC: In re Facebook II, and EPIC: Facebook Privacy.
  • Congressman Barton and Markey Challenge Facebook on Disclosure of Home Addresses, Mobile Phone Numbers (Feb. 2, 2011) +
    A letter from Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX) to Mark Zuckerberg asks about Facebook's plans to make users' addresses and mobile phone numbers available to websites and application developers. Facebook suspended the plan after EPIC and others objected. EPIC Executive Director Marc Rotenberg said that "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Facebook Drops Plan to Disclose Users' Home Addresses and Personal Phone Numbers (Jan. 18, 2011) +
    Facebook has retreated from its decision to allow third-party access to users home addresses and phone numbers. Facebook backed off after criticism of the new policy, but said it would go forward once it has made further changes. EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Congressmen Question Facebook About Latest Privacy Breach (Oct. 20, 2010) +
    Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) sent a letter to Facebook about the news that Facebook's business partners transmitted personal user data to advertising and internet tracking companies in violation of the company's policy. EPIC has two complaints pending at the Federal Trade Commission regarding Facebook's unfair and deceptive trade practices. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users (Aug. 19, 2010) +
    The recently announced Facebook service Places makes user location data routinely available to others, including Facebook business partners, regardless of whether users wish to disclose their location. There is no single opt-out to avoid location tracking; users must change several different privacy settings to restore their privacy status quo. For users who do not want location information revealed to others, EPIC recommends that Facebook users: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices, which are frequently associated with new product announcements. For more information, see EPIC In Re Facebook, EPIC In Re Facebook II, and EPIC Facebook Privacy.
  • Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers (Jun. 24, 2010) +
    The FTC announced a significant enforcement action today. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The FTC found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." EPIC has two complaints currently pending at the FTC concerning similar practices by Facebook, another social networking service. For more information, see EPIC - Facebook Privacy, EPIC - In re Facebook I, and EPIC - In re Facebook II.
  • Congress Pursues Investigation of Google and Facebook's Business Practices (Jun. 1, 2010) +
    Following similar letters from other Congressional leaders, the head of the House Judiciary Committee has asked Google Inc. and Facebook to cooperate with government inquiries into privacy practices at both companies. Rep. Conyers (D-MI) noted that Google's collection of user data "may be the subject of federal and state investigations" and asked Google to retain the data until "such time as review of this matter is complete." Rep. Conyers also asked Facebook to provide a detailed explanation regarding its collection and sharing of user information. The House Judiciary Committee is expected to hold hearings on electronic privacy later this year. For more information, see EPIC: Facebook Privacy, EPIC: In re Facebook II, and EPIC: Search Engine Privacy.
  • Facebook Expected to Announce Privacy Changes (May. 25, 2010) +
    Following a recent column in the Washington Post by Facebook CEO Mark Zuckerberg, the company is expected to announce new, simplified privacy settings this week.  EPIC objected to the last several rounds of changes that Facebook made, filing a complaint with the FTC in December when the company reclassified much of users' data as "publicly available information," a supplement to that complaint in January, and another complaint this month when Facebook forced users' profile information to become publicly available links instead of private data.  For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: In re Facebook II.
  • New Facebook Privacy Complaint Filed with Trade Commission (May. 5, 2010) +
    Today, EPIC and 14 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law. The complaint states that changes to user profile information and the disclosure of user data to third parties without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. In a letter to Congress, EPIC urged the Senate and House Committees with jurisdiction over the FTC to monitor closely the Commission's investigation. The letter noted the FTC's failure to act on several pending consumer privacy complaints. For more information, see EPIC: Facebook Privacy.
  • Senators Oppose Facebook Changes, Schumer Urges Trade Commission to Regulate Social Network Services (Apr. 27, 2010) +
    Senators Charles Schumer (D-NY), Michael Bennet (D-CO), Mark Begich (D-AK), and Al Franken (D-MI) have sent a letter to Facebook CEO Mark Zuckerberg to express concern about "recent changes to the Facebook privacy policy and the use of personal data by third-party websites." Senator Schumer has also asked the Federal Trade Commission to establish guidelines for social networking sites. The Senators' statements came after Facebook announced it would disclose user data to websites without consent. Senator Schumer stated "Previously, users had the ability to determine what information they chose to share and what information they wanted to keep private." EPIC has filed a complaint and with the FTC about the recent changes to Facebook's privacy settings. For more information, see EPIC: Facebook Privacy and EPIC: In re Facebook.
  • EPIC’s Facebook Complaint of "particular interest" to FTC (Jan. 19, 2010) +
    The FTC has sent a letter to EPIC regarding the December 2009 complaint, submitted by privacy organizations, about Facebook’s recent changes to user privacy settings. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises issues of particular interest” for the FTC. Further, Vladeck stresses the importance of providing “transparency about how this data is being handled, maintained, shared, and protected . . . .” The Commission, however, cannot confirm or deny whether an investigation has been launched. The letter came one day before EPIC filed a supplemental complaint regarding Facebook’s privacy practices. For more information, see EPIC: In re Facebook.
  • Privacy Groups File Amended Complaint regarding Facebook (Jan. 14, 2010) +
    EPIC and several other groups filed a supplement to the groups' original complaint with the Federal Trade Commission concerning Facebook’s recent privacy changes. The new complaint provides additional evidence of Facebook’s unfair and deceptive trade practices relating to Facebook CEO's public statements, the most recent version of the Facebook for iPhone application, Facebook Connect, and "web-suicide" applications. The complaint also offers numerous examples of media stories and blog posts in support of an investigation by the Federal Trade Commission into Facebook’s unfair and deceptive trade practices. For more information, see EPIC: In re Facebook.
  • EPIC Seeks Facebook Communications Detailing Privacy Changes (Dec. 29, 2009) +
    EPIC filed a Freedom of Information Act (FOIA) request with the Federal Trade Commission (FTC), seeking communications with Facebook discussing the site’s recent privacy changes. In November and December 2009, Facebook made several changes to the website’s privacy policy and settings. In response to these changes, which no longer allow users to control the visibility of certain types of information, EPIC submitted a complaint to the FTC, alleging Facebook is engaging in “unfair and deceptive practices.” Facebook spokespersons issued a statement shortly after the complaint was filed, asserting, “We discussed the privacy program with many regulators, including the F.T.C., prior to launch.” EPIC requested documents pertaining to the communications Facebook allegedly had with the federal agency. For more information, see EPIC: In re Facebook.
  • EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission (Dec. 17, 2009) +
    EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Facebook’s revised privacy settings. The EPIC complaint, signed by nine other privacy and consumer organizations, states that the  "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." EPIC cites widespread opposition from Facebook users, security experts, bloggers, and news organizations. A previous EPIC complaint to the FTC, concerning the data broker industry, produced the largest settlement in the FTC's history.  For more information, see EPIC: In re Facebook, Frequently Asked Questions Regarding EPIC's Facebook Complaint, and EPIC Facebook Privacy. EPIC PRESS RELEASE.
  • Facebook Asks Users to Review Privacy Settings, Recommends Privacy Options, Questions Remain (Dec. 9, 2009) +
    Facebook is asking users to review and update their privacy settings. However, the privacy recommendations, suggested by Facebook, may result in greater disclosure than users intend. Facebook faces ongoing privacy scrutiny following Beacon, proposed changes to the Terms of Services, and a settlement now pending in California. EPIC has urged Facebook to respect user privacy settings. EPIC is also defending the privacy rights of Facebook users who participated in Beacon. For more information, see EPIC: Facebook Privacy.

Summary

EPIC has filed a Motion to Intervene in United States v. Facebook to protect the interests of Facebook users. The case concerns the proposed settlement between the FTC and Facebook following the Cambridge Analytica breach in 2018. EPIC said the settlement "is not adequate, reasonable, or appropriate." EPIC also explained that the settlement would extinguish more than 26,000 consumer complaints against Facebook pending at the FTC. EPIC asked the court for an opportunity for EPIC and others to be heard before the settlement is finalized. EPIC filed the original complaint that created legal authority for the FTC to oversee Facebook. Back in 2011, EPIC also urged the Commission to require Facebook to restore the privacy settings of users, give users access to all of the data that Facebook keeps about them, stop making facial recognition profiles without users' consent, make the results of the government privacy audits public, and stop secretly tracking users across the web. Earlier this year, EPIC and others urged the FTC to pursue structural remedies, including the divestiture of WhatsApp. Many organizations and individuals have expressed concern about the proposed settlement, which was narrowly approved by the Commission, 3-2.

Background

From 2009 to 2011, EPIC and a coalition of consumer organizations pursued several complaints with the Federal Trade Commission, alleging that Facebook had changed user privacy settings and disclosed the personal data of users to third parties without the consent of users. EPIC conducted extensive research and documented the instances of Facebook overriding the users’ privacy settings to reveal personal information and to disclose, for commercial benefit, user data, and the personal data of friends and family members, to third parties without their knowledge or affirmative consent.

In response to the complaints, the FTC launched an extensive investigation into Facebook’s policies and practices. The FTC and issued a Preliminary Order against Facebook in 2011 and then a Final Order in 2012. The Final Order bars Facebook from making any future misrepresentations about the privacy and security of a user’s personal information, requires Facebook to establish a comprehensive privacy program, requires Facebook to remove user information within thirty days after a user deletes an account, requires Facebook to obtain a user’s express consent before enacting changes its data sharing methods, and requires Facebook to have an independent privacy audit every two years. According to the FTC, the Final Order would remain in effect for 20 years.

Since 2012, EPIC has filed five detailed complaints with the Commission regarding Facebook’s business practices, alleging violations of the Consent Order.

On March 16, 2018, Facebook admitted to the unlawful transfer of 50 million user profiles to the data analytics firm Cambridge Analytica, which harvested the data without user consent. Cambridge Analytica, hired by President Trump’s 2016 presidential campaign, was able to collect the private information of approximately 270,000 users and their extensive friend networks under false pretenses as a research-driven application. All of the users that participated in the survey consented to having their data collected but was told it was for “academic use.” The third party application subsequently scraped the data of these user’s friends without their knowledge or consent and transferred the data to Cambridge Analytica. Facebook later revised the number of affected users to 87 million, making it one of the largest unlawful data transfers in Facebook’s history.

Facebook’s transfer of personal data to Cambridge Analytica was prohibited by the 2011 Facebook Order. The FTC’s failure to enforce its order resulted in the unlawful transfer of 87 million user records to a controversial data mining firm to influence a presidential election.

EPIC and consumer groups urged the FTC to investigate Facebook. A week later, the FTC confirmed an investigation into Facebook.

On July 24, 2019, after a 16 month investigation, the FTC announced a proposed settlement to end its investigation into Facebook. This was the first fine against Facebook since EPIC and a coalition of privacy organizations filed a complaint with the Commission about the company’s businesses practices back in 2009. The FTC fined Facebook $5 billion, but required no meaningful changes to the business practices that violate user privacy.

On July 26, 2019: EPIC filed a Motion to Intervene in United States v. Facebook to protect the interests of Facebook users.

What's Wrong With the Settlement

The proposed settlement does not protect consumers - despite the systematic problems with Facebook’s collection and use of consumer data exposed by the Cambridge Analytica scandal and subsequent investigations into Facebook’s practices. The settlement does not incentivize Facebook to fix its deeply problematic business model and practices. Instead, the settlement fails to meaningfully limit Facebook’s collection, use, and sharing of consumer data or impose any actually independent oversight over Facebook’s use of personal data. On the whole, the settlement is not meaningfully different from the 2012 Consent Order that proved to be woefully inadequate in the wake of Facebook’s continued privacy violations from 2012 to the present.

Despite the clear need for a transformation of Facebook’s practices, the proposed settlement does not change Facebook’s business model or impose restrictions on its collection and use of consumer data. Facebook’s entire business practice rests on advertising. The company sells its advertisements based on its massive and ever-growing collection of personal information about consumers, priding itself on its level of targeting. Besides information provided by consumers such as their alma mater or favorite movies or artists, Facebook collects behavioral information (such as viewing habits, reactions to content, or internet activity) both on Facebook and using embedded technology elsewhere on the internet. This equates to mass surveillance of consumers by the company. Because companies purchase Facebook advertising because of this vast reservoir of consumer data, Facebook will continue to be incentivized to collect and monetize massive amounts of consumer data unless the Federal Trade Commission intervenes.

Rather than intervening to force Facebook to adjust its business model and practices to account for consumer privacy, the settlement fails to restrict Facebook’s advertising tactics or mass surveillance. Instead, it permits Facebook to continue to make its own determinations about user privacy and data collection if it produces additional records about those choices. It also does not meaningfully change the company’s structure or financial incentives. The large settlement amount, while flashy, constitutes only 7% of Facebook’s projected global ad revenue for 2019 of $67.37 billion . Given the comparative ease with which Facebook can pay fines of this degree, the company can retain its business model and its profitability under the settlement. Facebook is incentivized to continue to operate as it currently does, merely risking paying future fines out of its revenue.

In addition, the settlement does not impose independent oversight over Facebook - despite the fact that the lack of oversight after the 2012 Consent Order resulted in massive abuses of consumer information by Facebook and connected third-party companies. The required “Independent Privacy Committee” of the Board of Directors - whose members will be nominated by a committee chosen by Facebook - has minimal actual independence or power beyond ensuring that the required paperwork has been completed. While the settlement mandates an internal privacy program at Facebook, it does not give the Commission or any other external body authority to oversee the mandated program or oversight committee.

Instead, it merely requires Facebook to provide the Commission with copies of internal Facebook quarterly reports and biennial privacy program assessments from contractors chosen by Facebook and confirmed by the “Independent Privacy Committee.” The same is true for Facebook’s responses to illicit collection of Facebook user data by third parties. Facebook has liberty to respond to these complaints in any way that the company desires as long as it creates a paper trail of the incident. The new requirements neither institute oversight over Facebook’s collection and use of consumer data, nor increase public transparency about the company’s privacy practices to increase consumer awareness of Facebook’s deceptive privacy practices. Facebook must maintain additional records on privacy and data security under the settlement, but is not required to publicly disclose these records or adjust its practices based on these records or any other requirements.

Despite these inadequacies, the settlement extinguishes more than 26,000 consumer complaints against Facebook pending at the FTC. The proposed Consent Decree, now before this Court, states that “[t]he parties have consented to entry of this Stipulated Order to resolve any and all claims that Defendant, its officers, and directors, prior to June 12, 2019, violated the Commission’s Decision and Order in In re Facebook, Inc., C-4365, 2012 FTC LEXIS 135 (F.T.C. July 27, 2012). Furthermore, this Consent Decree resolves all consumer-protection claims known by the FTC prior to June 12, 2019, that Defendant, its officers, and directors violated Section 5 of the FTC Act.”

This prevents these complaints from being remedied, decreases public transparency, and protects Facebook from having to answer to the public about its myriad privacy violations. The settlement provides blanket immunity for Facebook and its executives for “any and all” violations of the 2012 Consent Order This prevents EPIC and other advocacy groups from pursuing the complaints previously filed at the FTC.

Very few requirements in the settlement are new. Many - including the prohibition against misrepresentations, the creation of a “comprehensive” privacy program, and the biennial assessments by a third-party professional - derive directly from the terms of the 2012 Consent Order . If the proposed settlement is instituted, Facebook will concede minimal additional requirements to the Federal Trade Commission.

Legal Documents

United States v. Facebook, No. 1:19-cv-02184 (D.D.C. filed July 24, 2019)

Agency Documents

Resources

FOIA Documents

Reactions to the Proposed Settlement

  • “The proposed settlement does little to change the business model or practices that led to the recidivism. The settlement imposes no meaningful changes to the company's structure or financial incentives, which led to these violations. Nor does it include any restrictions on the company's mass surveillance or advertising tactics. Instead, the order allows Facebook to decide for itself how much information it can harvest from users and what it can do with that information, as long as it creates a paper trail.” — Rohit Chopra, FTC Commissioner, July 24, 2019
  • “[T]wo major types of injunctive relief are missing from the settlement. I could have considered supporting the order if it included meaningful limitations on data collection and sharing and substantial public transparency about Facebook's data use and order compliance. Without such provisions, the order's ability to achieve specific and general deterrence through its injunctive terms is critically limited.” — Rebecca Kelly Slaughter, FTC Commissioner, July 24, 2019
  • “The record is now clear: Facebook egregiously & repeatedly broke the law, turning a blind eye to abuse & putting its rapacious rush to profits ahead of users' safety. This fig leaf deal releases Facebook without requiring any real privacy protections--no restraints on data use, no accountability for executives, nothing more than chump change fines. Facebook will never reform until forced to. The FTC failed to heed history. Facebook has written this penalty down as a one-time-cost in return for the extraordinary profits reaped from a decade of data misuse.The American public is owed more than another Zuckerberg apology & an anemic FTC settlement.” — Sen. Richard Blumenthal (D-Conn), July 24, 2019
  • “We believe that the reported settlement is woefully inadequate. It is clear that a $5 billion fine alone is a far cry from the type of monetary figure that would alter the incentives and behavior of Facebook and its peers. We are concerned that the FTC has failed to impose strict structural reforms and managerial accoutability that would put an end to Facebook's privacy invasions.” — Sens. Richard Blumenthal (D-Conn), Josh Hawley (R-Mo.), and Edward J. Markey (D-Mass.), July 16, 2019
  • “In my opinion, [$5B] that's not enough. We all know they've been in violation of their privacy agreements.” — Sen. Marsha Blackburn (R-Tenn), Chair of the Tech Task Force, July 16, 2019
  • “The FTC just gave Facebook a Christmas present five months early. It's very disappointing that such an enormously powerful company that engaged in such serious misconduct is getting a slap on the wrist. This fine is a fraction of Facebook's annual revenue. It won't make them think twice about their responsibility to protect user data.” — Rep. David Cicilline (D-R.I.), Chairman of Subcommittee on Antitrust, Commercial and Administrative Law, July 23, 2019
  • “This is very disappointing. This settlement does nothing to change Facebook's creepy surveillance of its own users & the misuse of user data. It does nothing to hold executives accountable. It utterly fails to penalize Facebook in any effective way.” — Sen. Josh Hawley (R-Mo.), July 24, 2019
  • “With its settlement with Facebook, the FTC not only fell short, it fell on its face. Facebook is getting away with some of the most egregious corporate bad behavior in the age of the internet. This settlement is a partisan abdication of the FTC's duty. The only market-wide message the Commission is sending is that it is acceptable for online giants to beg for forgiveness afterward rather than get permission first. The FTC is giving little confidence to the American people that Facebook and other online companies will now have to operate within a new incentive structure that will end the profits-over-privacy status quo.” — Sen. Edward J. Markey (D-Mass.), July 24, 2019
  • “While $5 billion is a record fine for the FTC, monetary damages are not enough. Facebook has repeatedly demonstrated that it prioritizes profit over people. Tough oversight is needed to prevent the abuse of consumer information by Facebook and other companies. Comprehensive privacy legislation is necessary to strengthen the FTC's authorities and give it more enforcement tools and resources so that violating consumers' privacy and breaking public trust isn't just the cost of doing business.” — Rep. Frank Pallone (D-N.J.), July 24, 2019
  • “If today's reports of a record-breaking $5 billion fine for Facebook are true, the sad reality is that this does not go nearly far enough. For a company that last year alone generated revenue nearly 11 times greater than the reported fine, the Federal Trade Commission (FTC) should send a clear signal to Facebook and so many other tech companies that privacy is their ultimate responsibility. If these reports are true, then they failed.” — Rep. Jan Schakowsky (D-IL), July 12, 2019
  • “The FTC is sending the message that wealthy executives and massive corporations can rampantly violate Americans' privacy, lie about how our personal information is used and abused and get off with no meaningful consequences. Americans will see our privacy violated again and again until Congress passes strong privacy laws that gives the FTC the resources and authority it needs to hold large corporations - and the executives at the top - accountable for protecting our most personal data.” — Sen. Ron Wyden (D-Ore.), July 24, 2019
  • “The 3-2 Facebook decision by the FTC leaves millions of Americans vulnerable to all the problems unleashed by the Cambridge Analytica scandal. The commission adopted a woefully inadequate remedy that does nothing to stem the fundamental loss of its user privacy which led to our original 2009 complaint.” — Jeff Chester, Executive Director, Center for Digital Democracy, July 26, 2019
  • “Despite the large price tag, the FTC settlement provides no meaningful changes to Facebook's structure or financial incentives. It allows Facebook to continue to set its own limits on how much user data it can collect and it gives Facebook immunity for unspecified violations. The public has a right to know what laws Facebook violated. Corporations should face consequences for violating the public trust, not be given a rubber stamp to carry out business as usual. This settlement limits the ability of Black users to challenge Facebook's misuse of their data and force real accountability which is why the courts must review the fairness of this settlement. ” — Brandi Collins-Dexter, Senior Campaign Director, Color of Change, July 26, 2019
  • “Facebook has been exploiting kids for years, and this proposed settlement is essentially a get-out-of-jail-free card. It potentially extinguishes our children's privacy complaints against Facebook, but offers absolutely no protections for kids' privacy moving forward. It also sweeps under the rug a complaint detailing how Facebook knowingly and intentionally tricked kids into spending money on mobile games over several years, sometimes to the tune of thousands of dollars per child.” — Josh Golin, Executive Director, Campaign for Commercial-Free Childhood, July 26, 2019
  • “The FTC's settlement with Facebook sells consumers short by failing to change the company's mass surveillance practices and wiping away other complaints that deserved to be addressed. It needs to be stronger to truly protect our privacy. ” — Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America, July 26, 2019
  • “The FTC's settlement is woefully insufficient in light of Facebook's persistent privacy violations. The fine is a mere cost of doing business that makes breaking the law worth it for Facebook. Remedies must curb Facebook's widespread data collection and promote competition. Otherwise Facebook will continue to fortify its monopoly power by surveilling users both on Facebook and off, and users can't vote with their feet when Facebook violates their privacy. The public must have the opportunity to be heard on this negligent settlement.” — Sally Hubbard, Director of Enforcement Strategy, Open Markets Institute, July 26, 2019
  • “This laughable $5 billion settlement with the category-killer social media giant Facebook makes the much smaller Equifax settlement for sloppy security look harsh. Facebook intentionally collects and shares an ever-growing matrix of information about consumers, their friends and their interests in a mass surveillance business model. It routinely changes its previous privacy promises without consent. It doesn't adequately audit its myriad business partners. The FTC essentially said to Facebook: Pay your parking ticket but don't ever change. Your fast-and-loose practices are okay with 3 of the 5 of us. Not changing those practices will come back to haunt the FTC, consumers and the world.” — Edmund Mierzwinski, Senior Director for Federal Consumer Programs, U.S. PIRG, July 26, 2019
  • “The FTC's pending Facebook settlement does not take adequate measures to limit the collection and sharing of consumers' personal information, but appears to provide the company with extensive protections from even future violations. Consumer Action respectfully urges the court to consider positions from interested parties who have related complaints filed with the FTC to ensure that the most fair and comprehensive agreement is approved.” — Linda Sherry, Director of National Priorities, Consumer Action, July 26, 2019
  • “On behalf of families across the country, Common Sense fully stands behind EPIC's motion. The proposed settlement is a get out of jail free card for Facebook, purporting to absolve Facebook not only of liability for privacy abuses but for other -- completely unaddressed and unexplored -- Section 5 abuses. One such abuse that the FTC is aware of and that court documents confirm includes tricking kids into making in-app purchases that have put families out hundreds and even thousands of dollars --something the company has yet to meaningfully change its policies on to this day. Such a broad release is unprecedented, unjustified and unacceptable.” — James P. Steyer, CEO and Founder of Common Sense Media, July 26, 2019
  • “The FTC's settlement amounts to Facebook promising yet again to adhere to its own privacy policy, while reserving the right to change that policy at any time. That approach will fail to protect users' privacy. The court should reject the settlement and order the FTC to try again and do better.” — Robert Weissman, President, Public Citizen, July 26, 2019
  • “The weightlessness of the fine isn't the only problem with the deal. The settlement order grants Facebook and its officers immunity in a wide range of possible misdeeds committed before June 12.” — New York Times Editorial Board, July 25, 2019
  • “the Facebook settlement gives both the company and its executives blanket immunity, not just for any violations the FTC has claimed, but for any violations it hasn't claimed. [...] It's extraordinary that a repeat offender that has shown a disdain for the FTC's authority would get such comprehensive, top-to-bottom immunity. This isn't just a plea bargain, it's a plenary indulgence.” — Devin Coldewey, TechCrunch, July 24, 2019
  • “The biggest story from this settlement is that the public has no sense of the breadth of Facebook's misdeeds for which they have a purchased a `get out of meaningful accountability relatively cheaply' card.” — Jeff Hauser, The Revolving Door Project, July 25, 2019
  • “What Facebook's settlement with the Federal Trade Commission, announced Wednesday morning, doesn't do is change the fundamental way Facebook operates: Facebook will continue to harvest the data it collects about its 2 billion-plus users and employ that information to run an incredibly powerful advertising business.” — Peter Kafka, Vox, July 24, 2019
  • “Worst of all, the settlement completely indemnifies the company and its leaders for "any and all claims prior to 12 June 2019". So, everything. ” — Siva Vaidhyanathan, The Guardian, July 26, 2019

Editorials and Op-eds on the Settlement

News

  • FTC, Facebook Say $5B Privacy Deal Benefits Consumers, Law360, January 28, 2020
  • FTC settlement requires 'sea change' for Facebook privacy, DOJ says, POLITICO Pro, January 24, 2020
  • Facebook still hasn't paid that $5B FTC fine, but what happens when it does?, Mashable, January 17, 2020
  • Facebook's FTC Privacy Settlement Challenged in Court, BankInfoSecurity, January 10, 2020
  • Brazil Fines Facebook Over Cambridge Analytica Data Sharing, Law360, January 3, 2020
  • More news

  • Cybersecurity & Privacy Cases To Watch in 2020, Law360, January 1, 2020
  • The Technology 202: Facebook won't get past the Cambridge Analytica scandal anytime soon, Washington Post, November 7, 2019
  • FTC Privacy Settlement Too Favorable To Facebook, Watchdogs Say, MediaPost, October 17, 2019
  • $5B Facebook Deal Lets Gov't Grab User Data, Court Told, Law360, October 16, 2019
  • Facebook’s $5 Billion Privacy Settlement Argued Consumers Weren’t Harmed. Experts Think the Damage Was Incalculable, Fortune, October 2, 2019
  • EPIC Steps Up Bid To Stop Facebook's $5B FTC Deal, Law360, August 14, 2019
  • Facebook fumbles on privacy, again, POLITICO, August 14, 2019
  • Facebook’s settlements with the Federal Government—Key takeaways for all companies to consider, Lexology, August 2, 2019
  • EPIC challenges FTC-Facebook settlement, IAPP, July 31, 2019
  • Facebook cares about its users’ privacy*, Think Progress, July 31, 2019
  • Privacy group asks court to reconsider FTC’s $5 billion Facebook deal, Ars Technica, July 30, 2019
  • What’s Next After Facebook’s Record $5 Billion Fine and Cambridge Analytica?, National Law Review, July 30, 2019
  • Facebook privacy deal with regulator under attack, The Times, July 28, 2019
  • EPIC privacy group sues FTC for letting Facebook off easy, The Verge, July 26, 2019
  • EPIC asks judge to hear from critics before approving $5B Facebook settlement, The Hill, July 26, 2019
  • EPIC Files Legal Challenge to Facebook’s $5 Billion F.T.C. Settlement, New York Times, July 26, 2019
  • Facebook Penalty Sends Message to Big Tech, WSJ, July 25, 2019
  • 4 Takeaways From Facebook's Historic $5B Privacy Settlement, Law360, July 25, 2019
  • Facebook Board to Tighten Oversight, as Zuckerberg Keeps Control, Wall Street Journal, July 25, 2019
  • Critics Pan Facebook's Privacy Settlement, Forbes, July 25, 2019
  • A $5 Billion Fine for Facebook Won’t Fix Privacy, New York Times (Editorial), July 25, 2019
  • Facebook hit with $5-billion federal fine for privacy violations, Los Angeles Times, July 24, 2019
  • Facebook Fined Record $5 Billion By FTC For Privacy Violations, HuffPost, July 24, 2019
  • FTC fines Facebook $5 billion for privacy violations, adds oversight, PBS Newshour, July 24, 2019
  • Facebook expected to settle with FTC today, paying $5bn over data handling and agreeing to new controls, Computing (UK), July 24, 2019
  • Facebook Fined $5 Billion and Ordered to Add Oversight of Data Practices, New York Times, July 24, 2019
  • US slaps $5 bn fine on Facebook, toughens privacy oversight, AFP, July 24, 2019
  • FTC Fines Facebook $5 Billion Over Privacy Violations, CBS San Francisco, July 24, 2019
  • Facebook to pay $5bn fine, but will privacy prevail?, Al Jazeera, July 24, 2019
  • Facebook Settlement Criticized for Weak Privacy Protections, Consumer Reports, July 24, 2019
  • There's Zero Chance Facebook's 'Historic' FTC Fine Prevents Future Abuse, Lawmakers and Privacy Advocates Say, Gizmodo, July 24, 2019
  • This is what Facebook’s $5 billion fine means for your privacy, MarketWatch, July 24, 2019
  • FTC fines Facebook $5B, adds limited oversight on privacy, Washington Post, July 24, 2019
  • Facebook To Pay Record $5B FTC Fine For Privacy Breaches, Law360, July 24, 2019
  • For Facebook’s Zuckerberg, FTC settlement could bring a new era of accountability, Washington Post, July 24, 2019
  • Facebook FTC Deal Shows Need for Privacy Bill, Lawmakers Say, Bloomberg, July 24, 2019
  • Today was Facebook's worst day ever, and it won’t make a difference, Engadget, July 24, 2019
  • Facebook will have to pay a record-breaking fine for violating users’ privacy. But the FTC wanted more., The Washington Post, July 23, 2019
  • Facebook Settlement Requires Mark Zuckerberg to Certify Privacy Protections, Wall Street Journal, July 23, 2019
  • Facebook Settlement Expected to Mandate Privacy Committee, Wall Street Journal, July 22, 2019
  • FTC Set to Unveil Terms of $5 Billion Facebook Settlement, Barron's, July 22, 2019
  • Who should keep an eye on Silicon Valley?, POLITICO, July 21, 2019
  • Column: If a $5-billion fine won’t shake Facebook, what can bring it to heel?, Los Angeles Times, July 18, 2019
  • Facebook's $5B Fine Would Set Record But Not Quiet Critics, Law360, July 16, 2019
  • Tell me more, tell me more, POLITICO Morning Tech, July 16, 2019
  • Facebook to pay FTC $5bn fine over Cambridge Analytica, Computing, July 15, 2019
  • Facebook's $5bn FTC penalty slammed as a 'tap on the wrist', The Inquirer, July 15, 2019
  • FTC’s $5 Billion Fine Alone Won’t Get Facebook Out of Crosshairs, Wall Street Journal, July 15, 2019
  • FTC to fine Facebook about $5 billion for user-privacy violations, reports say, CBS News, July 15, 2019
  • FTC to fine Facebook $5 billion over privacy violations: report, Chicago Tribune, July 12, 2019
  • Why 'we can't stop' with just making Facebook split up, Yahoo, June 18, 2019
  • Pressure mounts on Facebook over Mark Zuckerberg's emails on privacy practices, ongoing FTC investigation, Fox News, June 15, 2019
  • Structural Remedies In Spotlight In Facebook Privacy Probe, Law360, May 20, 2019
  • Democrats Need to Tame the Facebook Monster They Helped Create, POLITICO Magazine, May 19, 2019
  • Is Facebook becoming too big to exist? A co-founder thinks so, QRIUS, May 14, 2019
  • Can Facebook be broken up? What you need to know, CNET, May 10, 2019
  • Facebook's Privacy Practices May Get More Oversight, Consumer Reports, May 3, 2019
  • Facebook's FTC Settlement May Include Privacy Oversight, PC Magazine, May 2, 2019
  • Facebook could get new privacy oversight and record-breaking fine in FTC deal, Fox News, May 2, 2019
  • Facebook could create new privacy positions as part of FTC settlement, The Verge, May 2, 2019
  • Mark Zuckerberg could become Facebook's 'designated compliance officer', Mashable, May 2, 2019
  • Facebook Settlement With FTC To Include New Privacy Committee, MediaPost, May 2, 2019
  • New privacy oversight on the table for Facebook, Zuckerberg, POLITICO Pro, May 1, 2019
  • How to Take Back Control From Facebook, New York Times, April 30, 2019
  • Facebook Unveils Redesign as It Tries to Move Past Privacy Scandals, New York Times, April 30, 2019
  • A Record FTC Fine Won't Fix Facebook, Privacy Experts Say, Consumer Reports, April 26, 2019
  • Why Facebook's 'biggest fine ever' is actually peanuts, The Week, April 26, 2019
  • Facebook Takes $3 Billion Hit, Anticipating FTC Fine, BankInfo Security, April 26, 2019
  • Regulators Around the World Are Circling Facebook, New York Times, April 26, 2019
  • Facebook expects up to $5B FTC fine, POLITICO, April 25, 2019
  • Facebook sets aside billions of dollars for a potential FTC fine, Washington Post, April 25, 2019
  • FTC could hold Zuckerberg personally accountable for Facebook lapses, report says, Los Angeles Times, April 19, 2019
  • Facebook Poised to Fight Disclosure of U.S. Privacy Assessments, Bloomberg, April 18, 2019
  • Facebook Slips After Admitting Email Contact Upload in Latest Privacy Glitch, The Street, April 18, 2019
  • Congress to Zuckerberg: Facebook doesn't get to make the rules, Washington Examiner, April 5, 2019
  • Zuckerberg's Calls for Regulation Are Seen Missing the Mark, Bloomberg, April 1, 2019
  • Status update: How Facebook is dealing with a year's worth of crises, CBS News, March 26, 2019
  • FTC under fire, POLITICO Morning Tech, March 25, 2019
  • Can Washington keep watch over Silicon Valley? The FTC’s Facebook probe is a high-stakes test, Washington Post, February 20, 2019
  • Facebook Data Leak Negotiations Put FTC In Hot Seat, Law360, February 15, 2019
  • Facebook may face multi-billion dollar fine for Cambridge Analytica scandal, Ars Technica, February 15, 2019
  • The U.S. government and Facebook are negotiating a record, multibillion-dollar fine for the company’s privacy lapses, Washington Post, February 14, 2019
  • Call for Facebook to be broken up and fined billions over privacy, Yahoo News UK, January 29, 2019
  • The Technology 202: Facebook's messaging plans spark privacy, antitrust concerns around the world, Washington Post, January 29, 2019
  • Facebook Deserves $2B Privacy Fine, Advocacy Orgs Tell FTC, Law360, January 27, 2019
  • Facebook's plan to merge its messaging services ignites further antitrust concerns, CNBC, January 27, 2019
  • Groups call for FTC to break up Facebook, The Hill, January 25, 2019
  • The Technology 202, Washington Post, January 25, 2019
  • EPIC, Open Markets Institute and other groups urge FTC to break up Facebook, SC Magazine, January 25, 2019
  • Zuckerberg Plans to Integrate WhatsApp, Instagram and Facebook Messenger, New York Times, January 25, 2019
  • Advocacy groups are pushing the FTC to break up Facebook, The Verge, January 24, 2019
  • America Needs a Privacy Law, New York Times, December 25, 2018
  • Why the F.T.C. Is Taking a New Look at Facebook Privacy, New York Times, December 22, 2018
  • After Latest Facebook Fiasco, Focus Falls on Federal Commission, Techonomy, December 21, 2018
  • Too ‘Bad To The Bone’ For A Facebook Facelift?, Chief Executive, November 20, 2018
  • What the FTC really needs to deal with Facebook, IAPP, November 20, 2018
  • Facebook Failed to Police How Its Partners Handled User Data, New York Times, November 12, 2018
  • EPIC Urges FTC To Fine Facebook Amid EU Data Row, Law360, August 17, 2018
  • Government-data watchdog slaps Facebook on wrist, WND, July 12, 2018
  • Facebook’s Zuckerberg due to face new test in front of European lawmakers, Washington Post, May 22, 2018
  • Advocates Question Facebook's Latest Effort To Protect Data, NPR, May 15, 2018
  • Facebook Co-Founder: ‘Self-Regulation Alone is Concerning’, Techonomy, May 11, 2018
  • Regulating Privacy, New York Times, May 7, 2018
  • Ireland sending Facebook privacy fight to European Union court, WND, May 6, 2018
  • The agency in charge of policing Facebook and Google is 103 years old. Can it modernize?, Washington Post, May 4, 2018
  • The Facebook-WhatsApp Lesson: Privacy Protection Necessary for Innovation, Techonomy, May 4, 2018
  • EPIC wants unredacted privacy assessments from Facebook, Compliance Week, April 26, 2018
  • An EPIC Lawsuit, The Hill, April 24, 2018
  • Digital counter surveillance for all audiences, La Vanguardia (Spain), April 24, 2018
  • 'Facebook's privacy controls are sufficient, "said audit in 2017, Estadao Link, April 24, 2018
  • Facebook’s hand-picked watchdogs gave it high marks for privacy even as the tech giant lost control of users’ data, Washington Post, April 24, 2018
  • Senator Wants Fines, Tighter Leash On Facebook By FTC, Law360, April 23, 2018
  • EPIC Sues FTC Over Facebook's Privacy Audits, POLITICO Morning Tech, April 23, 2018
  • Facebook privacy audit by auditors finds everything is awesome!, The Register, April 21, 2018
  • FTC-mandated audit cleared Facebook's privacy policies in 2017, Engadget, April 20, 2018
  • Audit Cleared Facebook’s Privacy Practices Despite Cambridge Analytica Leak, Wall Street Journal, April 20, 2018
  • https://www.wired.com/story/facebooks-2017-privacy-audit-didnt-catch-cambridge-analytica/, WIRED, April 19, 2018
  • Audit Approved of Facebook Policies, Even After Cambridge Analytica Leak, New York Times, April 19, 2018
  • Facebook Received Positive Audit, Despite Cambridge Analytica Data Transfers, MediaPost, April 19, 2018
  • Will the FTC come down hard on Facebook? It's only happened twice in 20 years, USA TODAY, April 18, 2018
  • Cambridge Analytica Whistleblower Empowers Citizen Action, Government Accountability Project, April 18, 2018
  • Facebook to face class action suit on facial recognition, NY Daily News, April 17, 2018
  • Facebook gives more details on how it tracks non-users, USA TODAY, April 17, 2018
  • Now Facebook confronted by overseas data-privacy fight, WND, April 14, 2018
  • Here's what the Facebook crisis means for AT&T and Time Warner, Dallas News, April 13, 2018
  • Facebook Isn't Out of the Woods Yet, The Street, April 13, 2018
  • How Facebook can have your data even if you're not on Facebook, USA TODAY, April 13, 2018
  • Why Facebook's 2011 Promises Haven't Protected Users, WIRED, April 12, 2018
  • After Facebook hearings, users want to know: who's protecting my data?, USA TODAY, April 12, 2018
  • Facebook in crisis: Mark Zuckerberg's testimony reveals massive problems remain, Fox News, April 12, 2018
  • Transcript of Zuckerberg’s appearance before House committee, Washington Post, April 12, 2018
  • Fact-checking Facebook CEO Mark Zuckerberg's congressional testimony, Polifact, April 12, 2018
  • Mark Zuckerberg's Privacy Shell Game, WIRED, April 11, 2018
  • Facebook stock jumps higher as Mark Zuckerberg testifies, CBS, April 11, 2018
  • It would have taken more than privacy laws to prevent the Cambridge Analytica scandal, The Hill, April 11, 2018
  • Facebook, Cambridge Analytica, and Grindr: Frank Pasquale Talks About Big Data and HIV Disclosure, TheBody.com, April 11, 2018
  • What You Don’t Know About How Facebook Uses Your Data, New York Times, April 11, 2018
  • Facebook’s Days as an Unregulated Monopoly May Be Numbered, Wall Street Journal, April 11, 2018
  • What we learned from Zuckerberg’s testimony, and what we still don’t know, PBS Newshour, April 11, 2018
  • Facebook and Cambridge Analytica: Is the genie out of the bottle?, ZDNet, April 11, 2018
  • 4 Things To Watch As Facebook CEO Heads To Congress, Law360, April 10, 2018
  • What to do if Facebook says your info was used by Cambridge Analytica, USA TODAY, April 10, 2018
  • 9 questions Congress should ask Mark Zuckerberg, Vox, April 10, 2018
  • Facebook's Zuckerberg to testify over data breach, Al Jazeera, April 10, 2018
  • Brenda Lee Zuckerberg Is Sorry, Chief Executive, April 10, 2018
  • Today’s question for Facebook will be ‘what happens next?’: EPIC President, CNBC, April 10, 2018
  • As Zuckerberg Prepares to Testify, Questions Grow Over How to Protect Data, Wall Street Journal, April 9, 2018
  • 5 Facebook facepalms (just last week), Naked Security, April 9, 2018
  • Facebook broadens estimate of data misuse to 87 million people, including more than 600,000 Canadians, The Globe and Mail, April 5, 2018
  • Is This European Law Behind Facebook's Privacy Shift, Newsweek, April 2, 2018
  • Hey Alexa, can you keep a secret from snooping big tech? , Economic Times, April 2, 2018
  • Facebook Faces Calls to Further Protect User Privacy, Voice of America, April 2, 2018
  • Facing outcry over data breach, Facebook again overhauls privacy settings, Yahoo News, March 30, 2018
  • Facebook limits ad targeting after Cambridge Analytica data leak, USA TODAY, March 30, 2018
  • Facebook again overhauls privacy settings after outcry over data breach, RawStory, March 30, 2018
  • Tim Cook Blasts Facebook & Google, Calls For Government Regulation, CleanTechnica, March 30, 2018
  • Facebook Changing Privacy Controls As Criticism Escalates, Daily Democrat Press, March 30, 2018
  • Facebook under fire, but it’s just part of ‘surveillance economy’, Christian Science Monitor, March 29, 2018
  • Consumer, privacy groups urge Zuckerberg to hire Jimmy Carter as election monitor, The Hill, March 29, 2018
  • Amidst data breach scandal, Facebook revamps privacy tools and settings to give users greater control, The Economic Times, March 29, 2018
  • Privacy groups hit at Facebook, POLITICO, March 28, 2018
  • Cambridge Analytica whistleblower testifies, CBS This Morning, March 27, 2018
  • Special Report With Bret Baier, Fox News, March 27, 2018
  • Behind Facebook's baby step fixes: Defending its ad business, Associated Press, March 26, 2018
  • FTC opens probe into Facebook privacy practices , Financial Times, March 26, 2018
  • The FTC Is Officially Investigating Facebook's Data Practices, Wired, March 26, 2018
  • Facebook had a closer relationship than it disclosed with the academic it called a liar, The Washington Post, March 23, 2018
  • Behind Facebook's Baby Step Fixes: Defending Its Ad Business, US News & World Report, March 23, 2018
  • Lawmakers Ask Zuckerberg To Testify About Data Misuse, Law360, March 23, 2018
  • Facebook-Cambridge Analytica shows the need for a new privacy law, Business Insider, March 22, 2018
  • Facebook feels the pressure over data leak, Irish Examiner, March 22, 2018
  • Facebook’s latest data breach reveals Silicon Valley’s fortunes are built on pilfering privacy, Salon, March 22, 2018
  • What you can do to protect your personal data on Facebook, PBS Newshour, March 22, 2018
  • Facebook Swelters in Cambridge Analytica Heat, E-Commerce Times, March 22, 2018
  • How the FTC Could Have Avoided the Facebook Mess, Techonomy, March 22, 2018
  • Facebook Crisis Reignites Washington’s Scrutiny of Social Networks, Bloomberg BNA, March 21, 2018
  • Facebook data scandal: the legal questions, Financial Times, March 21, 2018
  • Privacy groups put pressure on FTC's Facebook probe, POLITICO Pro, March 21, 2018
  • Three Questions: Prof. Jeffrey Sonnenfeld on the Crisis at Facebook, Yale Insights, March 21, 2018
  • Facebook Owes You More Than This, WIRED, March 20, 2018
  • Can Facebook be trusted with your personal info? Voter harvesting scheme shows perils for users, USA TODAY, March 20, 2018
  • Facebook’s rules for accessing user data lured more than just Cambridge Analytica, Washington Post, March 20, 2018
  • Facebook Leaves Its Users’ Privacy Vulnerable, New York Times (Editorial), March 20, 2018
  • Facebook facing federal investigation over Cambridge Analytica data scandal, CBS News, March 20, 2018
  • As data misuse scandal grows, Facebook investigated by FTC, meets with lawmakers, USA TODAY, March 20, 2018
  • The Latest: Cambridge Analytica whistleblower regrets work, San Francisco Chronicle, March 20, 2018
  • US, European officials question Facebook's protection of personal data, Washington Post, March 19, 2018
  • Data leak puts Facebook under intensifying scrutiny on two continents, Seattle Times, March 19, 2018
  • Cambridge Analytica Breach Reveals Facebook’s Weak User Data Defenses, eWeek, March 19, 2018
  • Facebook says you 'own' all the data you post. Not even close, say privacy experts, Los Angeles Times, March 19, 2018
  • Facebook may have violated FTC privacy deal, say former federal officials, triggering risk of massive fines, The Washington Post, March 18, 2018
  • Officials: Facebook may have violated FTC privacy deal, Fort Wayne Journal Gazette, March 18, 2018
  • Share this page:

    Defend Privacy. Support EPIC.
    US Needs a Data Protection Agency
    2020 Election Security