recommended reading

FTC urged to probe whether Facebook is violating privacy settlement

flydragon/Shutterstock.com

Two privacy groups are calling on the Federal Trade Commission to investigate whether a deal Facebook has entered into with a data-mining firm violates the privacy settlement the social networking site reached last year with the agency.

In a letter Thursday to the FTC, the Electronic Privacy Information Center and the Center for Digital Democracy urged the commission to examine whether the deal Facebook reached with Datalogix to measure the effectiveness of Facebook ads runs counter to the privacy promises Facebook agreed to as part of the consent decree reached last year. Datalogix will reportedly match information it has about consumers with personal information from Facebook users.

The FTC finalized its consent decree last month that settled allegations - first raised by EPIC and others - that Facebook deceived its users when it changed its privacy settings in 2009. As part of the settlement, Facebook agreed to get permission from users before changing the way it shares data and submit to independent third-party audits of its privacy practices for two decades.

"Facebook did not attempt to notify users of its decision to disclose user information to Datalogix," the two privacy groups said in their letter to the FTC. "Neither Facebook's Data Use Policy nor its Statement of Rights and Responsibilities adequately explains the specific types of information Facebook discloses, the manner in which the disclosure occurs, or the identities of the third parties receiving the information."

While Facebook has pledged to protect the anonymity of the data, EPIC and CDD question the effectiveness of the methods the company is using to do this. They also said that Facebook is offering users a "confusing and ineffective" means of opting out of the arrangement with Datalogix.

In a statement, Facebook said it is "confident that we are [in] compliance with our legal obligations."

The company also has defended its agreement with Datalogix, saying it is aimed at helping its "advertisers understand how well their Facebook ads are working. ... We know that people share a lot of information on Facebook, and we have taken great care to make sure that we measure the effectiveness of Facebook ads without compromising the commitments we have made on privacy. We don't sell people's personal information, and individual user data is not shared between Facebook, Datalogix or advertisers."

(Image via flydragon/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.