You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

Facebook "Breach" Highlights Failure of FTC to Enforce Consent Orders

In 2009, EPIC and a coalition of US consumer privacy organizations petitioned the Federal Trade Commission to establish comprehensive privacy safeguards after Facebook changed user privacy settings and secretly transferred user data to third parties. In 2011, the FTC agreed with the privacy groups and established a far-reaching settlement with the company, that prevented such disclosures, prohibited deceptive statements, and required annual reporting. But the FTC failed to enforce its consent order, even after EPIC sued the agency and consumer groups repeatedly urged the Commission to act. This weekend the Washington Post and the New York Times reported that Facebook disclosed the personal data of 50 million users without their consent to Cambridge Analytica, the controversial British data mining firm that sought to influence the 2016 presidential election.

« D.C. Circuit Affirms "Consent" Protection in FCC Robocall Rule | Main | EPIC Tells House to Probe Commerce Secretary on Data Protection, Privacy Shield »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security