Canada, New York Rebuke Facebook For Privacy Violations

In Canada, privacy commissioners stated that Facebook’s “superficial and ineffective safeguards and consent mechanisms” violated local and national laws in allowing third parties to access users’ personal data — and that the company has refused to fix the problems. The New York State attorney general plans to investigate Facebook’s “unauthorized collection” of 1.5+ million users’ email address books. Facebook just banned “personality quiz” apps similar to the one behind the Cambridge Analytica scandal, to improve security.

The New York Times reports that, “the privacy commissioner of Canada and the information and privacy commissioner for British Columbia” investigated Facebook and came to the conclusion that the company “ignored recommendations, some issued a decade ago, for how to prevent future exposure.” They plan to take Facebook to a Canadian federal court.

“There’s a significant gap between what they say and what they do,” said Canada’s privacy commissioner Daniel Therrien, who notes that the court is likely to impose “very small penalties.” Although Canada has passed digital privacy legislation, it “never adopted the stiff fines and investigative powers authorized by their European counterparts.”

Facebook, although it will not allow “audits of its privacy procedures,” said that it will “enter a compliance agreement with Therrien’s office.” Therrien said his office is closing its Facebook account as a “symbolic gesture.”

Bloomberg reports that Facebook has banned what product management director Eddie O’Neil said are “apps with minimal utility, such as personality quizzes.” In his post, he added that apps will no longer be able to ask for data that doesn’t directly “enrich the in-app user experience.” The move is in response to Cambridge Analytica illegally harvesting data of up to 87 million Facebook users through a quiz app.

Elsewhere, NYT states that, according to sources, New York attorney general Letitia James “plans to open an investigation into Facebook’s unauthorized collection of more than 1.5 million users’ email address books,” a practice that targeted users who signed up after 2016. The information was used to improve the company’s ad-targeting algorithms.

“Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data,” said James. “It is time Facebook is held accountable for how it handles consumers’ personal information.” In December, the District of Columbia attorney general sued Facebook for its role in the Cambridge Analytica debacle, and the company said it expects to pay up to $5 billion to the Federal Trade Commission for privacy violations.

With regard to the New York State complaint, Facebook said it was an unintentional mistake “resulting from a method the company once used to verify the identity of new users that required sending Facebook your email password.” Although the practice ended in May 2016, “Facebook continued to gain access to the email address books of at least 1.5 million new users” who were not notified that their data was being harvested.