Facebook has not been doing enough to comply with a 2020 privacy order: FTC

Broken promises —

Meta has 30 days to respond to allegations about its Messenger Kids product.

Facebook furious at FTC after agency proposes ban on monetizing youth data

Facebook has not been doing enough to comply with a 2020 privacy order, the Federal Trade Commission (FTC) announced Wednesday. On top of “continuing to give app developers access to users’ private information” that Meta claimed had been cut off, the FTC alleges that Facebook has caused new harm. Perhaps most alarming, the FTC alleges that Facebook’s Messenger Kids product misled parents on who could connect to chat with minors and misrepresented who had access to private youth data.

Now, the FTC has proposed changes to the 2020 order that would prohibit Facebook owner Meta from launching new products on any of its platforms without procuring written FTC compliance confirmation and prevent the company from monetizing any of the youth data it collects across Facebook, Instagram, WhatsApp, and Oculus.

“Facebook has repeatedly violated its privacy promises,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a press release.

The FTC confirmed that it has asked Meta to respond to allegations first reported by The Verge in 2019 that “from late 2017 until mid-2019, Facebook misrepresented that parents could control whom their children communicated with through its Messenger Kids product.” Quite the opposite, instead of providing adequate parental controls to prevent strange adults from contacting kids, a Facebook bug allowed “children in certain circumstances” to “communicate with unapproved contacts in group text chats and group video calls.” In 2019, Facebook confirmed to The Verge that the technical issue had occurred and thousands of users were notified about the bug, which affected “a small number of group chats.”

According to the FTC, this is the third time that Facebook has violated a privacy order. Facebook has also violated the FTC Act and the Children’s Online Privacy Protection Act Rule, the FTC alleged.

“The company’s recklessness has put young users at risk, and Facebook needs to answer for its failures,” Levine said in the press release.

A Meta spokesperson told Ars that the FTC’s proposed changes are “a political stunt,” saying that the FTC gave Meta “no opportunity to discuss this new, totally unprecedented theory.” Meta considers the FTC’s proposed changes to the privacy order “a new low.”

“Let’s be clear about what the FTC is trying to do: usurp the authority of Congress to set industry-wide standards and instead single out one American company while allowing Chinese companies, like TikTok, to operate without constraint on American soil,” Meta’s spokesperson said. “FTC Chair Lina Khan’s insistence on using any measure—however baseless—to antagonize American business has reached a new low.” [Update: Facebook says that the assessor’s report did not find violations of the 2020 privacy order and noted that the two privacy concerns that the FTC raised were already discovered, fixed, and publicly disclosed.]

The FTC’s proposed changes were drafted in response to a report from an independent assessor who reviewed Facebook’s privacy program and concluded that there were “several gaps and weaknesses” in it. Some of these deficiencies, the FTC alleges, “pose substantial risks to the public.”

Among the most drastic proposed changes are a blanket prohibition against monetizing data of users under 18 and a pause on launching new products, services, or features ” without written confirmation from the assessor” confirming full compliance with the FTC’s order. The FTC has also proposed additional limitations on Meta’s uses of facial recognition technology and an extension of the 2020 order’s compliance requirements to encompass all companies merged under Meta. Finally, the FTC proposes going back to the drawing board on the 2020 privacy order and strengthening many of the existing requirements, including “those related to privacy review, third-party monitoring, data inventory and access controls, and employee training.”

Meta’s spokesperson told Ars that the company contends that it has “spent vast resources building and implementing an industry-leading privacy program under the terms of our FTC agreement.”

“We will vigorously fight this action and expect to prevail,” Meta’s spokesperson told Ars.

Meta has 30 days to officially respond to the proposed changes, but ultimately, the FTC says it will “determine whether modification of the 2020 order is in the public interest or justified by changed conditions of fact or law.”

Read More

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.