FTC's Facebook Audit Didn't Catch Cambridge Analytica Leaks

There's been a lot of extra government scrutiny on Facebook following the news of the Cambridge Analytica scandal that came out in March, but government oversight didn't catch the misuse of data that affected 80 million people.

The Federal Trade Commission settled its charges with Facebook in 2011 with its Consent Decree. Part of the settlement included a series of audits of the social network's privacy practices. 

Following a Freedom of Information Act Request, the Electronic Privacy Information Center obtained a copy of the most recent audit, conducted in April 2017 by Pricewaterhousecoopers. 

"In our opinion, Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information." said PwC in the audit, which covered the period from Feb. 12, 2015 to Feb. 11, 2017. 

Facebook initially discovered that the "thisisyourdigitallife" app's developer sold the harvested information of millions of users to Cambridge Analytica in 2015.

While the FTC announced in March 2018 that it will be investigating Facebook's privacy practices, following the news of the scandal, Sen. Richard Blumenthal, D-Conn. is hoping for more from the agency. Blumenthal wrote a letter to the FTC on Thursday, requesting stronger oversight, given the evidence that Facebook violated the 2011 consent decree.

"Recent revelations about the illegitimate harvesting of personal data on tens of millions of Americans have shed new light on the systemic failure of Facebook to address privacy risks and keep its promises to users," Blumenthal wrote. "Despite Mark Zuckerberg's recent apology tour, Facebook's history of negligence demonstrates that the company can no longer be trusted to self-regulate."