You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

In re Facebook - Cambridge Analytica

Summary

On March 16, 2018, Facebook admitted to the unlawful transfer of 50 million user profiles to the data analytics firm Cambridge Analytica, which harvested the data without user consent. Cambridge Analytica, hired by President Trump’s 2016 presidential campaign, was able to collect the private information of approximately 270,000 users and their extensive friend networks under false pretenses as a research-driven application. All of the users that participated in the survey consented to having their data collected but was told it was for “academic use.” The third party application subsequently scraped the data of these user’s friends without their knowledge or consent and transferred the data to Cambridge Analytica. Since Facebook’s announcement, the number has increased to up to 87 million users, making it one of the largest unlawful data transfers in Facebook’s history. Lawmakers in the U.S. and abroad have opened investigations into this incident and Mark Zuckerberg testified publicly before Congress.

Top News

  • Wiretapping Claims Against Facebook Move Forward as Supreme Court Denies Review: This week, the U.S. Supreme Court denied a petition for review in In re: Facebook, Inc. Internet Tracking Litigation, a case challenging Facebook's use of "cookies" to track internet browsing activity even when users were logged out of their Facebook accounts. The U.S. Court of Appeals for the Ninth Circuit held that Facebook's use of cookies to track Internet users browsing other websites might violate the federal Wiretap Act because Facebook was not an authorized party to those communications. Facebook's efforts to get the Supreme Court to reject this holding of the Ninth Circuit failed, and now the case will move forward. EPIC filed an amicus brief in the Ninth Circuit in this case and has filed briefs opposing settlements in other cases challenging cookie-based surveillance. EPIC has long advocated against the use of cookies and other surveillance tools to track people online. EPIC continues to advocate for clear rules and restrictions on web tracking as companies replace cookies with new surveillance techniques that would do little to protect privacy online. (Mar. 22, 2021)
  • Court Approves FTC-Facebook Deal, But Says Data Protection Laws Need Updating: Despite objections from EPIC and other consumer groups, a federal judge has approved the Federal Trade Commission’s settlement with Facebook over the company’s alleged violations of the 2012 consent decree and the FTC Act. The court called Facebook’s alleged conduct “stunning,” “unscrupulous,” “shocking,” and “underhanded,” and even stated that it “might well have fashioned different remedies were it doing so out of whole cloth.” The court nevertheless approved the deal because of the “deferential” standard it felt bound to apply, but the court warned that, should the FTC accuse Facebook of further violations of the law, the court “may not apply quite the same deference to the terms of a proposed resolution.” EPIC had moved to intervene in the case and filed an amicus brief arguing that the deal imposes “few new obligations on the company that would limit the collection and use of personal data, nor will there be any significant changes in business practices.” The court denied EPIC’s motion to intervene but acknowledged that EPIC’s arguments as amicus “call into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information.” (Apr. 24, 2020)

    • More top news

  • EPIC Uncovers 3,156 More Facebook Complaints at FTC—Over 29,000 Now Pending (Sep. 22, 2019) +
    Through a Freedom of Information Act Request, EPIC has obtained thousands of new consumer complaints (part 1, part 2)against Facebook. The most recent documents, released to EPIC, follow the Commission’s proposed $5 b settlement in July. Among the complaints uncovered by EPIC are those from consumer groups and members of Congress. EPIC also obtained records of new complaints in the FTC’s Consumer Sentinel database. EPIC earlier uncovered 26,000 complaints against Facebook since the announcement of the 2011 consent order. EPIC is formally challenging the proposed settlement with Facebook, charging that the Commission has failed to investigate thousands of complaints against the company.
  • EPIC Pursues Intervention in FTC Facebook Case (Aug. 12, 2019) +
    EPIC has filed a reply brief in support of its motion to intervene in United States v. Facebook, a case concerning the proposed settlement between the Federal Trade Commission and Facebook. The Government and Facebook have sought to block EPIC's participation. EPIC pursued intervention to protect the interests of Facebook users and to ensure that pending complaints at the FTC were not ignored. EPIC told the court overseeing the case that the settlement "is not adequate, reasonable, or appropriate." In response to Facebook and the government, EPIC explained that the settlement is "arbitrary and capricious because the Commission seeks to grant Facebook immunity from any unlawful practices identified in prior consumer complaints, without addressing or even identifying the prior complaints." EPIC also argues that the FTC's failure to consider public comments on the settlement, as the agency is required to do under its own regulations, "denies EPIC and others the opportunity to submit comments on the consent agreement." An EPIC FOIA lawsuit uncovered more than 26,000 complaints against Facebook pending at the agency. In 2009, EPIC and other consumer privacy organizations filed the original complaint that created legal authority for the FTC to oversee Facebook's privacy practices. Many members of Congress, consumer organizations, and corporate law experts have opposed the proposed settlement, which was narrowly approved by the Commission, 3-2.
  • EPIC Challenges FTC-Facebook Settlement, Asks Court to Hear from Privacy Groups (Jul. 26, 2019) +
    EPIC has filed a Motion to Intervene in United States v. Facebook to protect the interests of Facebook users. The case concerns a proposed settlement between the FTC and Facebook. EPIC said the settlement "is not adequate, reasonable, or appropriate." EPIC also explained that the settlement would extinguish more than 26,000 consumer complaints against Facebook pending at the FTC. EPIC asked the court for an opportunity for EPIC and others to be heard before the settlement is finalized. EPIC filed the original complaint that created legal authority for the FTC to oversee Facebook. Back in 2011, EPIC also urged the Commission to require Facebook to restore the privacy settings of users, give users access to all of the data that Facebook keeps about them, stop making facial recognition profiles without users' consent, make the results of the government privacy audits public, and stop secretly tracking users across the web. Earlier this year, EPIC and others urged the FTC to pursue structural remedies, including the divestiture of WhatsApp. Many organizations and individuals have expressed concern about the proposed settlement, which was narrowly approved by the Commission, 3-2. More info at https://epic.org/privacy/facebook/epic2019-challenge/
  • BREAKING - FTC Issues Facebook Fine, EPIC - "Too little, too late." (Jul. 24, 2019) +
    The Federal Trade Commission announced today the first fine against Facebook since EPIC and a coalition of privacy organizations filed a complaint with the Commission about the company’s businesses practices back in 2009. In a 2011 consent order the FTC said it would bar Facebook "from making any further deceptive privacy claims.” But in the years that followed, the FTC failed to act even as complaints emerged about marketing to children, privacy settings, tracking users, gathering health data, and facial recognition. Earlier this year, EPIC determined that there were 26,000 complaints against Facebook pending at the Commission. EPIC President Marc Rotenberg said today, “The FTC’s action is too little, too late. American consumers cannot wait another decade for the Commission to act against a company that violates their privacy rights. Congress should move quickly to establish a data protection agency."
  • Court Rules D.C. Attorney General's Lawsuit Against Facebook Will Proceed (Jun. 3, 2019) +
    The D.C. Superior Court denied Facebook's motion to dismiss the complaint filed by D.C. Attorney General over the privacy practices that led to Cambridge Analytica. The D.C. Attorney General alleged that Facebook failed to monitor third-party use of personal data and failed to ensure users' data was deleted. The lawsuit seeks financial penalties, and an injunction to establish safeguards to protect users' data. The court ruled that the case could proceed because "District of Columbia residents' widespread utilization of, and repeated exchange of personal information through Facebook's online social networking service, constitute 'transactions.'" EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order. Facebook anticipates a $3-5 billion fine from the FTC.
  • Facebook Anticipates $3B-$5B Fine (Apr. 26, 2019) +
    According to news reports, Facebook has budgeted $3 billion for in its first-quarter earnings report, saying it expected the FTC to fine the company between $3-$5 billion. In January, EPIC and a coalition of consumer and civil rights groups sent a letter to the FTC calling on the Commission to enforce the order against Facebook by 1) imposing substantial fines; 2) establishing structural remedies; 3) requiring compliance with Fair Information Practices; 4) reforming hiring and management practices; and 5) restoring democratic governance. Also, EPIC's Freedom of Information Act request revealed that there are there are over 26,000 complaints pending against Facebook. In the eight years since the FTC announced the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order.
  • Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers (Mar. 7, 2019) +
    In a Senate Judiciary Committee hearing earlier this week, Senator Richard Blumenthal said that antitrust enforcers must consider unwinding anticompetitive mergers. “Over the past decade tech companies have in effect been given a free pass by antitrust regulators,” Senator Blumenthal said. "Facebook perhaps should never been allowed to acquire Instagram, Google to acquire DoubleClick. I have come to the conclusion that maybe post merger, some of these transactions should be challengeable, rarely done, but still challengeable, especially when the merger is approved on conditions that are then violated.” Earlier this year, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger.
  • EPIC, Open Markets, Civil Rights Groups Press FTC on Facebook Consent Order (Jan. 23, 2019) +
    EPIC joined a coalition of groups urging the FTC to issue strong penalties in Facebook matter. "Given that Facebook’s violations are so numerous in scale, severe in nature, impactful for such a large portion of the American public and central to the company’s business model, and given the company’s massive size and influence over American consumers, penalties and remedies that go far beyond the Commission’s recent actions are called for,” the letter stated. The groups said the FTC should 1) impose substantial fines; 2) establish structural remedies; 3) require compliance with Fair Information Practices; 4) reform hiring and management practices; and 5) restore democratic governance.
  • Senators Urge FTC to Act Against Facebook (Jan. 18, 2019) +
    In a letter to the Federal Trade Commission, Senators Ed Markey and Richard Blumenthal pushed the Commission to take swift action against Facebook, despite the government shutdown. "While we have repeatedly expressed concerns about the pace of this investigation, we fear that the current government shutdown further threatens the FTC's ability to complete this investigation," the Senators wrote. "When Americans' privacy is breached, they deserve a speedy and effective response." The letter comes nearly ten months after the FTC announced it would reopen an investigation into Facebook after EPIC's urging. Since then, EPIC has urged the Commission to act and has repeatedly highlighted Facebook's violations of the 2011 consent order in statements to Congress. The 2011 consent order followed an extensive complaint filed by EPIC and a coalition of consumer privacy organizations in 2009.
  • In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites (Dec. 7, 2018) +
    In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.
  • Facebook's Response to Congress Provides More Evidence of Consent Order Violations (Jul. 2, 2018) +
    Late Friday afternoon, Facebook submitted over 700 pages of responses to questions from members of Congress following Mark Zuckerberg's testimony in April. Facebook has now admitted that it provided developers and device makers access to personal data despite publicly stating that it had discontinued the practice. In April EPIC submitted a detailed letter to Congress, explaining that the Cambridge Analytica breach could have been avoided if the FTC had enforced the 2011 Consent Order. That Consent Order was the result of extensive complaints EPIC and consumer organizations filed with the FTC in 2009 and 2010. In March, the Acting Director of the FTC stated "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."
  • EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices (Jun. 27, 2018) +
    EPIC has filed an amicus brief with the Ninth Circuit Court of Appeals in In re: Facebook, Inc. Internet Tracking Litigation. At issue is whether Facebook violated the privacy rights of users by tracking their web browsing even after they logged out of the platform. EPIC explained that cookies "no longer serve the interests of users" and instead "tag, track, and monitor users across the Internet." EPIC said a lower court wrongly concluded that users should develop countermeasures to assert their privacy rights. EPIC responded that it would be absurd to expect users to compete in a "technical arms race" when "Facebook's tracking techniques are designed to escape detection and the company routinely ignores users' privacy protections." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.
  • US Consumer Groups Urge FTC To Examine 'Deceived by Design' Practices (Jun. 27, 2018) +
    EPIC and a coalition of consumer organizations sent a letter to the FTC about recent tactics by Facebook and Google to trick users into disclosing personal data. "We urge you to investigate the misleading and manipulative tactics of the dominant digital platforms in the United States, which steer users to 'consent' to privacy-invasive default settings," the letter states. The letter highlights a report by the Norwegian Consumer Council entitled "Deceived by Design," which details how companies employ numerous tricks and tactics to nudge users into selecting the least privacy-friendly options. EPIC and consumer privacy organizations previously filed complaints with the FTC when Facebook undermined users' privacy settings and Google automatically opted users into Google Buzz. In both cases, the FTC determined that the companies had engaged in "unfair and deceptive trade practices." Both Facebook and Google settled with the FTC and were then subject to 20 year consent orders that were intended to prevent the companies from engaging in similar practices in the future.
  • At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order (Jun. 19, 2018) +
    In a Senate Commerce Committee hearing today on Facebook and data privacy, former FTC CTO Ashkan Soltani stated that Facebook violated the 2011 FTC Consent Order by transferring personal data to Cambridge Analytica and device makers contrary to user privacy expectations. Soltani said that Facebook continued to misrepresent the extent to which users could control their privacy settings and allowed device makers to override users' privacy settings. Senator Blumenthal and other members of Congress had previously said the company violated the Consent Order, which was the result of complaints filed by EPIC in 2009 and 2010. In a statement to the Committee in advance of the hearing, EPIC urged the Senate to focus on the FTC's failure to enforce the Consent Order with Facebook.
  • EPIC Urges Senate Committee to Focus on Consent Order with Facebook (Jun. 19, 2018) +
    EPIC has sent a statement to the Senate Commerce Committee outlining the FTC's failure to enforce the 2011 Consent Order with Facebook. The statement from EPIC is for a hearing on "Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks." In 2009, EPIC and several consumer groups pursued a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook's data practices. The FTC established a Consent Order in 2011, but failed to enforce the Order even after EPIC sued the agency in a related matter. In the statement to the Senate this week, EPIC contends that the FTC could have prevented the Cambridge Analytica debacle and Facebook's secret arrangements with device makers if the agency enforced the 2011 Order.
  • Facebook Overrode Users’ Privacy Settings And Allowed Device Makers To Access Personal Data (Jun. 5, 2018) +
    Facebook had secret arrangements with at least 60 device makers granting them access to users' personal data, according to a report by the New York Times. Facebook overrode users privacy settings to allow companies to access sensitive information that users' had explicitly set to private. These arrangements directly contradict Facebook's previous statements that it cut off third party access to user data in 2015. Facebook is already under FTC investigation for violating a 2011 Consent Order that EPIC and consumer privacy organizations obtained. The Order bars Facebook from disclosing data to third parties without explicit consent. EPIC recently urged the FTC to enforce the Consent Order following revelations that Facebook allowed Cambridge Analytica to access the data of 87 million users. In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."
  • EPIC Obtains Partial Release of 2017 Facebook Audit (Apr. 20, 2018) +
    EPIC has obtained a redacted version of the 2017 Facebook Assessment required by the 2012 Federal Trade Commission Consent Order. The Order required Facebook to conduct biennial assessments from a third-party auditor of Facebook's privacy and security practices. In March, EPIC filed a Freedom of Information Act request for the 2013, 2015, and 2017 Facebook Assessments as well as related records. The 2017 Facebook Assessment, prepared by PwC, stated that "Facebook's privacy controls were operating with sufficient effectiveness" to protect the privacy of users. This assessment was prepared after Cambridge Analytica harvested the personal data of 87 million Facebook users. In a statement to Congress for the Facebook hearings last week, EPIC noted that FTC Commissioners represented that the Consent Order protected the privacy of hundreds of millions of Facebook users in the United States and Europe.
  • Senator Blumenthal Calls On FTC To Enforce Consent Order Against Facebook (Apr. 20, 2018) +
    Senator Richard Blumenthal (D-CT) has called for "monetary penalties that provide redress for consumers and stricter oversight" in a letter to the Federal Trade Commission. Senator Blumenthal focused on the FTC's 2011 Consent Order that EPIC, and a coalition of consumer groups obtained, after preparing a detailed complaint in 2009. Referring to the Cambridge Analytica scandal, Senator Blumenthal wrote that "three of the FTC's claims concerned the misrepresentation of verification and privacy preferences of third-party apps." Senator Blumenthal also raised questions about the FTC's monitoring of the consent order, noting that "even the most rudimentary oversight would have uncovered these problematic terms of service." And the Senator stated, "The Cambridge Analytica matter also calls into question Facebook's compliance with the consent decree's requirements to respect privacy settings and protect private information." EPIC and other consumer groups recently urged the FTC to reopen the investigation. The FTC has confirmed that an investigation of Facebook is now underway.
  • EPIC Urges Senate to Focus on FTC Consent Order with Facebook (Apr. 9, 2018) +
    In advance of a joint hearing about Facebook's failure to protect the personal data of users, EPIC has sent a comprehensive statement to the Senate Committee on the Judiciary and the Senate Committee on Commerce. EPIC is urging the Senators to focus on the 2011 Consent Order between Facebook and the Federal Trade Commission. In 2009, EPIC and a coalition of consumer groups presented the FTC with a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook. The FTC adopted a Consent Order in 2011, based on EPIC's Complaint, but failed to enforce the Order even after EPIC sued the agency in a related matter. In numerous comments to the FTC, EPIC and others urged the FTC to enforce its consent order. In the statement to the Senate this week, EPIC contends that the Cambridge Analytica debacle could have been prevented if the FTC enforced the Order.
  • UPDATE - EPIC, Consumer Groups Urge FTC to Investigate Facebook's Use of Facial Recognition (Apr. 6, 2018) +
    EPIC and a coalition of consumer groups have filed a complaint with the FTC, charging that Facebook's use of facial recognition techniques threaten user privacy and "in multiple ways" violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." In 2011 EPIC and consumer groups urged the FTC to investigate Facebook’s facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques." EPIC President Marc Rotenberg said today, "Facebook should suspend further deployment of facial recognition pending the outcome of the FTC investigation."
  • EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook's Use of Facial Recognition (Apr. 5, 2018) +
    EPIC and a coalition of consumer groups will file a complaint with the FTC on Friday charging that Facebook's use of facial recognition techniques threaten user privacy and violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." The FTC has confirmed that an investigation is now underway. The FTC said, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements." Facebook CEO Mark Zuckerberg will testify next week before the Senate Judiciary Committee and the House Commerce Committee. In 2011 EPIC urged the FTC to investigate Facebook's facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques."
  • State AGs Launch Facebook Investigation (Mar. 26, 2018) +
    A bipartisan group of 37 State Attorneys General is investigating Facebook's business practices and lack of privacy protections. "Businesses like Facebook must comply with the law when it comes to how they use their customers' personal data," Pennsylvania Attorney General Josh Shapiro said. "State Attorneys General have an important role to play in holding them accountable." The Federal Trade Commission also announced today that it is investigating Facebook. Senate Judiciary Chairman Grassley has also said there will be hearings on the Facebook matter when Congress returns.
  • FTC Confirms Investigation Into Facebook about 2011 Consent Order (Mar. 26, 2018) +
    The Federal Trade Commission has confirmed an investigation into Facebook for the company's failure to protect the personal data obtained by Cambridge Analytica. Facebook likely violated the FTC's 2011 Consent Order with the company. Last week, EPIC and a coalition of consumer organizations urged the FTC to reopen the investigation. EPIC and other consumer organizations brought the complaint that led to the FTC's 2011 Order. Thomas Pahl, the Acting Director of the FTC's Bureau of Consumer Protection stated today, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook." In a recent article for Techonomy, EPIC President Marc Rotenberg emphasized that "the transfer of 50 million user records to the controversial data mining and political consulting firm could have been avoided if the Federal Trade Commission had done its job."
  • EPIC FOIAs FTC, Seeks Facebook's Privacy Assessments (Mar. 20, 2018) +
    EPIC has submitted an urgent Freedom of Information Act request to the Federal Trade Commission, seeking the privacy assessments required by the FTC's 2012 Consent Order. Facebook is required to produce independent privacy assessments every two years for the next 20 years. Each assessment should "identify Facebook's privacy controls maintained during the reporting period, explain the appropriateness of these controlsin relation to Facebook's activities and sensitivity of information, as well as explain how these controls meet or exceed the protections" required in the 2012 Consent Order. Facebook is also required to identify an independent privacy auditor, approved by the FTC. EPIC previously obtained the 2012 Initial Compliance Report as well as the 2013 Initial Assessment through an earlier FOIA request. EPIC is now seeking the 2015 and 2017 reports which cover the period for the data transfers to Cambridge Analytica.
  • EPIC, Consumer Groups Urge FTC To Investigate Facebook (Mar. 20, 2018) +
    In a statement issued today, EPIC and a coalition of consumer groups have called on the Federal Trade Commission to determine whether Facebook violated a 2011 Consent Order when it facilitated the transfer of personal data of 50 million Facebook users to the data mining firm Cambridge Analytica. The groups had repeatedly urged the FTC to enforce its own legal judgements. EPIC even sued the agency in 2012 for its failure to enforce a consent order against Google. "The FTC's failure to act imperils not only privacy but democracy as well," the groups warned. Between 2009 and 2011 EPIC and other consumer groups undertook extensive work to document Facebook's privacy abuses that led to the consent order in 2011.
  • Facebook "Breach" Highlights Failure of FTC to Enforce Consent Orders (Mar. 19, 2018) +
    In 2009, EPIC and a coalition of US consumer privacy organizations petitioned the Federal Trade Commission to establish comprehensive privacy safeguards after Facebook changed user privacy settings and secretly transferred user data to third parties. In 2011, the FTC agreed with the privacy groups and established a far-reaching settlement with the company, that prevented such disclosures, prohibited deceptive statements, and required annual reporting. But the FTC failed to enforce its consent order, even after EPIC sued the agency and consumer groups repeatedly urged the Commission to act. This weekend the Washington Post and the New York Times reported that Facebook disclosed the personal data of 50 million users without their consent to Cambridge Analytica, the controversial British data mining firm that sought to influence the 2016 presidential election.
  • EPIC Offers Recommendations for Future of FTC Ahead of Senate Hearing on Nominees (Feb. 13, 2018) +
    In advance of a Senate hearing on four nominees to the Federal Trade Commission, EPIC recommended 10 steps for the FTC to safeguard American consumers. EPIC explained that the FTC's failure to address the data protection crisis has contributed to unprecedented levels of data breach and identity theft in the United States. EPIC helped establish the FTC's authority for consumer privacy and has urged the FTC to safeguard American consumers in cases involving Microsoft, Google, Facebook, Uber, Samsung and others. EPIC also filed a lawsuit against the FTC when it failed to enforce a consent order against Google.
  • EPIC Calls for Greater FTC Enforcement (Sep. 28, 2017) +
    In advance of a Senate Commerce hearing on consumer privacy, EPIC called for more action by the Federal Trade Commission to protect American consumers. In a statement for the Committee, EPIC said that "the FTC is simply not doing enough to safeguard the personal data of American consumers." EPIC explained that "the FTC's privacy framework - based largely on 'notice and choice' - is simply not working." EPIC also warned that consumers "face unprecedented threats of identity theft, financial fraud, and security breach." EPIC has fought for consumer privacy rights at the FTC for more than two decades, filing landmark complaints about privacy violations by Uber, Microsoft, Facebook, Google, and even suing the Commission when it has failed to enforce its own orders.
  • EPIC Urges Public Comments on FTC Settlement with Uber (Sep. 6, 2017) +
    EPIC is urging the public to comment on the proposed FTC settlement with Uber regarding consumer privacy. (Federal Register Notice). The FTC settlement follows EPIC's 2015 complaint, which detailed Uber's secretive tracking of customers and surreptitious collection of user data. The proposed settlement requires regular privacy audits of Uber by third parties but fails to make substantial changes in the companies business practices or require the company to delete the personal data that was wrongfully obtained. The deadline to file a comment with the FTC is September 15, 2017. The FTC is required to consider public comments before finalizing a proposed settlement. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC also recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • Following EPIC Complaint, Uber Agrees To Stop Tracking Riders (Aug. 29, 2017) +
    Uber has ended the practice of tracking customers before and after they are picked up. In 2015, Uber announced the company would track the location of riders from the time they ordered a ride until after they had reached their destination. EPIC promptly filed a complaint with the FTC and stated that "This collection of user's information far exceeds what customers expect from the transportation service." The end to Uber's tracking of riders comes two weeks after Uber entered into a consent agreement with the FTC following a complaint filed EPIC that highlighted Uber's history of misusing customer data. But EPIC said the FTC settlement does not go far enough. "The FTC should have imposed stronger sanctions on Uber, required the company to disgorge the personal data it had unlawfully obtained, and required the company to restore the original privacy settings," said EPIC President Marc Rotenberg. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • After EPIC Privacy Complaint, Uber Settles with FTC (Aug. 15, 2017) +
    After an EPIC complaint about Uber's privacy practices, Uber has entered into a consent agreement with the FTC. The agreement prohibits Uber from misrepresenting how it monitors or secures consumer information. As with most FTC privacy settlements, the agreement also requires Uber to implement a comprehensive privacy program and obtain periodic independent third-party audits. In 2015, EPIC filed a complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details was an unlawful and deceptive trade practice. EPIC cited Uber's history of misusing customer data as one of many reasons the Commission should act. EPIC has previously pursued successful FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
  • Rep. Blackburn Proposes Online Privacy Bill, Would Preempt Stronger State Protections (May. 19, 2017) +
    Rep. Marsha Blackburn (R-TN) has introduced the The Browser Act, H.R. 2520, aimed at protecting online privacy. The Browser Act would apply to Internet ISPs as well as Internet companies, such, as Google and Facebook, and would generally require "opt-in" consent before sensitive information could be collected or disclosed. However, the bill lacks a private right of action or a remedy for violations. The bill gives enforcement authority to the FTC which has mostly failed to protect consumers online privacy. The bill lacks data breach notification, and would overwrite stronger state privacy laws that protect consumers. In comments to the FCC and elsewhere, EPIC has set out a comprehensive framework for online privacy.
  • EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act (Aug. 29, 2016) +
    EPIC and the Center for Digital Democracy have filed a complaint with the FTC concerning WhatsApp’s plan to transfer user data, including personal phone numbers, to Facebook. This reversal contradicts WhatsApp’s previous promises to users that their personal information would not be disclosed and would not be used for marketing purposes. EPIC said that WhatsApp change in business practices is unlawful and that the FTC is obligated to act. EPIC previously filed a complaint with the FTC over Facebook’s acquisition of WhatsApp in 2014. In response, the FTC warned the two companies they must honor their privacy promises to users. The FTC has said "When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up these promises."
  • With New Policy Changes, Facebook Tracks Users Across the Web (Feb. 4, 2015) +
    Over the objections of consumer privacy organizations, Facebook has implemented policy changes that allow the company to track users across the web without consent. The Dutch data protection commissioner launched an investigation after the original announcement. This week the a German privacy agency announced a similar investigation. Last year, EPIC and a coalition of consumer privacy groups urged the FTC to halt Facebook's plan to collect web-browsing information from its users. Facebook is already under a 20 year consent decree for changing users' privacy settings. The consent decree resulted from complaints brought by EPIC and others in 2009 and 2010.
  • Facebook Revises Privacy Policy (Dec. 5, 2014) +
    Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent. The use of location data has expanded dramatically. "We collect information from or about the computers, phones, or other devices where you install or access our Services," states Facebook. These include "device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals." Facebook is currently under a 20 year consent decree with the Federal Trade Commission as a consequence of a complaint brought by EPIC and coalition of consumer privacy organizations when the company changed the privacy settings of users. More recently consumer organizations in the US and Europe have objected to Facebook's decision to track the web activities of users and to profile offline purchase. Privacy groups have also objected to Facebook's manipulation of user news feeds. For more information, see EPIC: Facebook and EPIC: In re Facebook.
  • Facebook Responds to EPIC Complaint About "Emotions Study" (Oct. 2, 2014) +
    Facebook has announced revised guidelines concerning user data the company discloses to researchers. In 2012, Facebook subjected 700,000 users to an "emotional" test by manipulating their News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In response, EPIC filed a formal complaint to the Federal Trade Commission. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has also asked the FTC to require that Facebook make public the News Feed algorithm. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy, as a result of complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. The new guidelines have improved Facebook's research process, but they still raise questions about human subject testing by advertising companies. EPIC still believes the NewsFeed algorithm should be made public. For more information, see EPIC: In re: Facebook (Psychological Study) and EPIC: Federal Trade Commission.
  • European Facebook Users Privacy Lawsuit Moves Forward (Aug. 26, 2014) +
    A group of over 25,000 European Facebook users may proceed with their lawsuit against Facebook. The users, led by privacy activist Max Schrems, sued Facebook in a court in Vienna. The users charge Facebook with violating EU privacy law by improperly handling users' data. Now that the court has approved the class action suit, Facebook must respond to the complaints. In 2011, Schrems brought a similar lawsuit against Facebook in an Irish court. In the same year, Facebook signed a consent order with the Federal Trade Commission, following a complaint filed by EPIC and a group of American consumer privacy organizations. EPIC has also filed an amicus brief in a federal class action lawsuit, opposing Facebook's use of children's images for advertising purposes. In 2013, EPIC gave the International Privacy Champion Award to Max Schrems, calling him "an innovative and effective spokesperson for the right to privacy." For more information, see EPIC: In re Facebook.
  • Following EPIC Complaint, Senator Seeks Investigation of Facebook User Manipulation Study (Jul. 17, 2014) +
    Senator Mark Warner has asked the Federal Trade Commission to investigate the legality of Facebook's emotional manipulation study. In a letter to the Commission, Senator Warner stated that "it is not clear whether Facebook users were adequately informed and given an opportunity to opt-in or opt-out." He asked the FTC to conduct an investigation to see "if this 2012 experiment violated Section 5 of the FTC Act or the 2011 consent agreement with Facebook," two issues raised in EPIC's earlier complaint. "The company purposefully messed with people's minds," wrote EPIC in a complaint to the Commission. EPIC charged that Facebook violated a consent decree that required the company to respect user privacy and also engaged in a deceptive trade practice. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.
  • EPIC Challenges Facebook's Manipulation of Users, Files FTC Complaint (Jul. 3, 2014) +
    EPIC has filed a formal complaint to the Federal Trade Commission concerning Facebook's manipulation of users' News Feeds for psychological research. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has charged that the study violates a privacy consent order and is a deceptive trade practice. In 2012, Facebook subjected 700,000 users to an "emotional" test with the manipulation of News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In the complaint, EPIC explained that Facebook's misuse of data is a deceptive practice subject to FTC enforcement. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.
  • EPIC Urges FTC to Protect Snapchat Users' Privacy (Jun. 10, 2014) +
    EPIC has submitted comments to the Federal Trade Commission, urging the agency to require Snapchat to safeguard consumer privacy. Following a 2013 EPIC complaint, the FTC signed a consent order with Snapchat, the publisher of a mobile app that encourages users to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever," but that was false. As EPIC explained, "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." EPIC expressed support for the findings in the proposed FTC Settlement with Snapchat. But EPIC recommended that the FTC require Snapchat to implement the Consumer Privacy Bill of Rights and make Snapchat's independent privacy assessments publicly available. EPIC pursued similar claims involving false promises about data deletion with AskEraser. EPIC has also made similar recommendation for other proposed FTC consumer privacy settlements. For more information, see EPIC: In re Google, EPIC: In re Facebook, and EPIC: FTC.
  • Federal Trade Commission Urges Court to Protect Student Privacy (May. 29, 2014) +
    The Federal Trade Commission is opposing the sale of student data in a bankruptcy proceeding for ConnectEDU. The company privacy policy promises it will give students "reasonable notice and an opportunity to remove personally identifiable information" from its website. The FTC said that the sale of student information "without reasonable notice to users and an opportunity to remove personal information would contradict the privacy statements originally made to users." The FTC letter also cites consent agreements with Snapchat, Google, and Facebook. Each of these consent orders was a result of an EPIC FTC complaint. Last year, EPIC filed an extensive complaint concerning Scholarships.com's business practices. The company encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. For more information, see EPIC: Student Privacy, EPIC: In re Google Buzz, EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • EU Court Rules Google Must Respect Right to Delete Links (May. 13, 2014) +
    The European Court of Justice has upheld the "right to be forgotten" and ruled that Google must delete links upon request concerning private life. The Court also determined that companies are subject to the EU Data Protection Directive and that jurisdiction extends to companies that set up a branch in an EU state. The Court said that since privacy is a fundamental right, it overrules the economic interests of the company and the public interest in access to the information. However this is not the case concerning one's activity in public life. EPIC has broadly supported the privacy rights of Internet users and the specific right to "expunge" information held by commercial firms. For more information, see EPIC - In re Facebook, EPIC - Expungement, and EPIC - G.D. v. Kenny.
  • EPIC's Snapchat Privacy Complaint Results in 20-Year FTC Consent Order (May. 8, 2014) +
    Following a 2013 EPIC complaint, the FTC has signed a consent order with Snapchat, the publisher of a mobile app that encourages user to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever." However, the images could be retrieved by others. As EPIC wrote in the complaint "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." In announcing the settlement, FTC Chairwoman Edith Ramirez said, "If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action." Under the settlement, Snapchat will be subject to 20 years of privacy audits, and will be prohibited from making false claims about its privacy policies. EPIC pursued similar claims involve false promises about data deletion with AskEraser. The FTC will be accepting Public Comments on the proposed Snapchat consent order. For more information, see EPIC: In re Google, EPIC: In re Facebook and EPIC: FTC.
  • FTC Responds to EPIC Complaint on WhatsApp and Privacy (Apr. 10, 2014) +
    The Federal Trade Commission has notified Facebook and WhatsApp that they must honor their privacy commitments to users. According to the letter from the Director of the FTC Bureau of Consumer Protection, "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook." The FTC letter followed a detailed complaint from EPIC and CDD concerning the privacy implications of the $19B sale to Facebook. WhatsApp had assured users of strong privacy safeguards prior to the sale. The FTC letter concludes "hundreds of millions of users have entrusted their personal information to WhatsApp. The FTC staff continue to monitor the companies' practices to ensure that Facebook and WhatsApp honor the promises they have made to those users." For more information, see EPIC: In re: WhatsApp, EPIC: In re: Facebook and EPIC: Federal Trade Commission.
  • Federal Trade Commission Backs Users in Facebook Privacy Case (Mar. 21, 2014) +
    The FTC has filed an amicus brief in a case before a federal appeals court concerning Facebook users. If a controversial settlement is approved, Facebook will display the images of users, including young children, in Facebook advertising without consent. Several Facebook users formally objected to the plan, arguing that it would violate state laws. A children's advocacy organization also objected, stating that the "settlement is actually worse than no settlement." The FTC brief explains that state privacy laws do prevent the display of children's images without consent. EPIC also filed an amicus brief in support of the users, explaining that the settlement is unfair and should be rejected. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.
  • WhatsApp Founder Responds to EPIC Privacy Complaint (Mar. 18, 2014) +
    Following Facebook's announced plan to purchase WhatsApp, a popular pro-privacy messaging services, EPIC urged the FTC to block the acquisition. EPIC explained to the Commission that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. WhatsApp founder Jan Koum has now published a blog post in response to the EPIC Complaint. Koum wrote, "Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal." He added, "Make no mistake: our future partnership with Facebook will not compromise the vision that brought us to this point." For more information, see EPIC: In re WhatsApp, EPIC: Federal Trade Commission, and EPIC: In re Facebook.
  • EPIC Urges FTC Investigation of WhatsApp Sale to Facebook (Mar. 6, 2014) +
    EPIC has filed a complaint to the Federal Trade Commission concerning Facebook's proposed purchase of WhatsApp. WhatsApp is a messaging service that gained popularity based on its strong pro-privacy approach to user data. WhatsApp currently has 450 million active users, many of whom have objected to the proposed acquisition. Facebook regularly incorporates data from companies it has acquired.The Federal Trade Commission has previously responded favorably to EPIC complaints concerning Google Buzz, Microsoft Passport, Changes in Facebook Privacy Settings, and Choicepoint security practices. However, the FTC approved Google's acquisition of Doubleclick over EPIC's objection. Facebook is currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy and to comply with the US-EU Safe Harbor guidelines. For more information, see EPIC: In re Google Buzz, EPIC: Microsoft Passport, EPIC: In re Facebook, and Privacy? Proposed Google/DoubleClick Merger.
  • EPIC Files Amicus Brief in Facebook Consumer Privacy Case, Urges Rejection of Settlement (Feb. 21, 2014) +
    EPIC has filed a amicus brief urging a federal appeals court to overturn a controversial consumer privacy settlement. If the Fraley v. Facebook settlement is approved, Facebook will display the images of Facebook users, including young children, for commercial endorsement without consent. Facebook users opposed "Sponsored Stories" and several have formally objected to the settlement, including a children's advocacy organization which said that the "settlement is actually worse than no settlement." The MacArthur Foundation also withdrew stating it should not have been designated to receive funds. EPIC's amicus brief in support of the objectors explains that the settlement is unfair to Facebook users and should be rejected. EPIC also notes that Chief Justice Roberts expressed concerns about a similar privacy settlement involving Facebook. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.
  • Instagram Retreats on Changes to Terms of Service, Cites User Opposition (Dec. 21, 2012) +
    Instagram announced that it would withdraw proposed changes to its terms of service announced earlier this week. Instagram backed off a plan to use the names, images, and photos of users for advertising purposes, pleading instead to "complete our plans, and then come back to our users and explain how we would like for our advertising business to work." Instagram's parent company, Facebook, is bound by the terms of a settlement with the Federal Trade Commission, initiated in 2009 by EPIC and other consumer privacy organizations, that prohibits the company from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. A recent letter to Facebook CEO Mark Zuckerberg from EPIC and the Center for Digital Democracy warned that Facebook's proposed changes would adversely affect Instagram users. For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: FTC.
  • Facebook Updates Privacy Controls, Removes Profiles Safeguard (Dec. 13, 2012) +
    Facebook announced changes to its privacy controls and the privacy settings of its users. The changes include settings that allow users to choose which information apps can access and disclose, and a privacy shortcuts menu. But Facebook also removed an option that allowed users to hide themselves from strangers through Facebook’s search function. The changes follow an election conducted by Facebook in which 88 percent of voters opposed changing the privacy policy and voting rights of users. EPIC previously wrote to the Federal Trade Commission regarding the blanket disclosure features of certain apps and the proposal to end the voting part of the site governance process Facebook. Facebook is currently subject to a settlement with the FTC over privacy violations. For more information, see EPIC: Facebook and EPIC: In re Facebook.
  • Judge Rejects Settlement in Facebook "Sponsored Stories" Case (Aug. 21, 2012) +
    A federal judge has rejected a proposed settlement in a class-action lawsuit about Facebook's unapproved use of user images for advertising purposes. The judge, who had previously expressed skepticism about the terms of the settlement, wrote that the plaintiffs had not justified the lack of direct monetary payments to Facebook users, nor had they explained how users will receive an economic benefit from being able to opt out of future endorsements. EPIC and several consumer privacy organizations opposed the settlement, saying that there was little benefit to Facebook users and that the cy pres allocation was not aligned with the interests of the class. In 2009 and 2010 EPIC and a coalition of consumer privacy organizations brought a successful complaint to the Federal Trade Commission that resulted in a significant consent order. In a letter to the court following the recent court order, EPIC explained that the FTC settlement had produced far greater benefits for Facebook users. For more information, see EPIC: In re Facebook.
  • FTC Finalizes Settlement with Facebook (Aug. 10, 2012) +
    The Federal Trade Commission has finalized the terms of a settlement with Facebook first announced in November of 2011. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC recommended strengthening the settlement by requiring Facebook to restore the privacy settings users had in 2009; giving users access to all of the data that Facebook keeps about them; preventing Facebook from creating facial recognition profiles without users’ consent; and publicizing the results of the government privacy audits. Although the FTC decided to adopt the settlement without any modifications, in a response to EPIC, the Commission said that facial recognition data is included within the settlement's definition of "covered information," that the audits would be publicly available to the extent permitted by law, and that the terms of the settlement "are broad enough to address misconduct beyond that expressly challenged in the complaint." Commissioner Rosch dissented from the final settlement, citing concerns that the provisions might not adequately cover deceptive statements made by Facebook apps. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • Judge Skeptical of Facebook Settlement (Aug. 3, 2012) +
    At a preliminary hearing on a proposed settlement involving Facebook "sponsored stories," Judge Seeborg expressed skepticism about the deal, wondering if there was any actual benefit to Facebook users. The deal, which had been endorsed by some groups funded by Facebook, was opposed by EPIC and several consumer privacy organizations. In 2009, EPIC and a coalition of consumer privacy organizations brought a successful complaint to the FTC that resulted in a significant consent order. For more information, see In re Facebook.
  • Facebook Timeline Changes User Privacy Settings. Again. (Dec. 15, 2011) +
    Without user consent, Facebook announced today that it would post archived user information, making old posts available under Facebook's current downgraded privacy settings. Users have just a week to clean up their history before Timeline goes live. The surprising announcement follows a recent decision by the Federal Trade Commission which found that the company had engaged in "unfair and deceptive" trade practices when it changed the privacy settings of its users. EPIC initiated that complaint and is now urging FB users to submit comments to strengthen the proposed settlement. For more information, see EPIC - In Re Facebook and EPIC - Facebook and Privacy.
  • Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint (Nov. 29, 2011) +
    The Federal Trade Commission has announced an agreement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. In 2009, the EPIC first asked the FTC to investigate Facebook's decision to change its users' privacy settings in a way that made users' personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook’s business partners. The violations are also detailed in the FTC’s 8-count complaint against the company. The proposed settlement agreement bars Facebook from making future changes privacy settings without the affirmative consent of users and requires the company to implement a comprehensive privacy protection program and submit to independent privacy audits for 20 years. The settlement does not adopt EPIC's recommendation that Facebook restore users' privacy settings to pre-2009 levels. Facebook CEO Mark Zuckerberg reacted to the settlement in a post on Facebook's blog, saying that he was "first to admit that we've made a bunch of mistakes." For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • FTC Releases Agenda for Facial Recognition Workshop (Nov. 22, 2011) +
    The Federal Trade Commission has announced the agenda and panelists for a workshop exploring the privacy and security issues raised by the increased use of facial recognition technology. The workshop will be held December 8, 2011 at the FTC Conference Center, and will feature diverse panelists with consumer protection, privacy, business, international, and academic backgrounds. EPIC Senior Counsel John Verdi will speak on the panel "Facial Detection & Recognition: Exploring the Policy Implications." EPIC has a complaint pending before the FTC over Facebook's use of facial recognition technology to build a secret database of users' biometric data and to enable the company to automatically tag users in photos. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.
  • WSJ: Facebook Close to Settlement with FTC over EPIC Complaint (Nov. 10, 2011) +
    The Wall Street Journal reports that the Federal Trade Commission is finalizing a settlement with Facebook that follows from a complaint from EPIC and a coalition of US consumer and privacy organizations. In 2009, the organizations urged the Commission to investigate Facebook's decision to change its users' privacy settings which made the personal information of Facebook users more widely available to Facebook's business partners and the public. According to the Wall Street Journal, the settlement would require Facebook to obtain "express affirmative consent" if Facebook makes "material retroactive changes," and to submit to independent privacy audits for 20 years. For more information, see EPIC: In re Facebook, EPIC: Facebook Privacy and EPIC: Federal Trade Commission.
  • Sen. Rockefeller Requests FTC Report on Facial Recognition Technology (Oct. 20, 2011) +
    Senator John D. Rockefeller (D-WV) sent a letter requesting that the Federal Trade Commission assess the use of facial recognition technology and recommend legislation to protect privacy. Facial recognition technology is being used by technology firms and also police agencies, which has raised civil liberties concerns. The letter cited mobile applications such as SceneTap, which "tracks the male/female ratio and age mix of the crowd [in bars]" and digital advertising at the Venetian Resort in Las Vegas that tailors ads to the person standing in front of the display based on recognition of that person’s age and gender. The FTC will hold a workshop on facial recognition technology on December 8, 2011. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, and EPIC: Facial Recognition.
  • Facebook Makes Some Changes, Privacy Complaints Still Pending (Aug. 29, 2011) +
    In response to several complaints filed by EPIC with the Federal Trade Commission, Facebook announced that it would make some changes in its business practices, including providing more accurate information about the disclosure of user data to others and new safeguards for photo tagging. EPIC, along with several privacy organizations, filed several complaints with the FTC about FB's automated tagging of users, changes in Privacy settings, and transfers of personal data, stating that Facebook's practices were "unfair and deceptive." Facebook's recent actions address some but not all of the issues raised by the consumer organizations. The complaint at the FTC are still pending. For more information see EPIC: Facebook Privacy.
  • Facebook Makes Changes to Facial Recognition; Still Relying on Opt-Out (Jul. 27, 2011) +
    In response to a letter from the Connecticut Attorney General, Facebook agreed to run ads that link users to their privacy settings and show them how to opt-out of Facebook's facial recognition program. The ads are new, but Facebook has failed to implement an opt-in model for its facial recognition technology. EPIC, along with several other organizations, filed a complaint with the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices regarding biometric data collection. EPIC urged the FTC to require Facebook to suspend the program pending a full investigation. EPIC also urged the Commission to require Facebook to establish stronger privacy safeguards and an opt-in regime for the facial recognition scheme. For more information, see EPIC: In re Facebook and the Facial Identification of Users.
  • Congressman Markey Commends EPIC, Privacy Groups for Filing Facebook Complaint (Jun. 14, 2011) +
    Congressman Ed Markey today expressed support for the complaint filed last week by EPIC and privacy groups concerning Facebook's new scheme for online tagging. In a published statement, Congressman Markey said, "The Federal Trade Commission should investigate this important privacy matter, and I commend the consumer groups for their filing. When it comes to users’ privacy, Facebook’s policy should be: 'Ask for permission, don’t assume it.' Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong. I encourage the FTC to probe this issue and will continue to closely monitor this issue." EPIC and consumer groups now have several complaints regarding Facebook pending at the FTC. For more information, see EPIC - In re Facebook and EPIC - In re Facebook II, and EPIC - Facebook and Privacy.
  • EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques (Jun. 10, 2011) +
    Today EPIC, and several privacy organizations, filed a complaint with the Federal Trade Commission about Facebook's automated tagging of Facebook users. EPIC alleged that the service was unfair and deceptive and urged the FTC to require Facebook to suspend the program, pending a full investigation, the establishment of stronger privacy standards, and a requirement that automated identification, based on user photos, require opt-in consent. EPIC alleged that "Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook." EPIC warned that "absent injunctive relief by the Commission, Facebook will likely expand the use of the facial recognition database it has covertly established for purposes over which Facebook users will be able to exercise no meaningful control." EPIC has previously filed two complaints with the Commission regarding Facebook. For more information see EPIC: Facebook Privacy.
  • Facebook Resumes Plan to Disclose User Home Addresses and Mobile Phone Numbers (Mar. 2, 2011) +
    Facebook indicated in a letter to Rep. Markey (D-MA) and Rep. Barton (R-TX) that it will go forward with a proposal to provide users' addresses and mobile phone numbers to third-party application developers. The Congressman earlier expressed concern about the proposal. Facebook also wrote that it may disclose the home addresses and mobile numbers of minors who use the social networking service. Facebook suspended the plan after EPIC and others objected. EPIC and several consumer organizations have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In re Facebook, EPIC: In re Facebook II, and EPIC: Facebook Privacy.
  • Congressman Barton and Markey Challenge Facebook on Disclosure of Home Addresses, Mobile Phone Numbers (Feb. 2, 2011) +
    A letter from Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX) to Mark Zuckerberg asks about Facebook's plans to make users' addresses and mobile phone numbers available to websites and application developers. Facebook suspended the plan after EPIC and others objected. EPIC Executive Director Marc Rotenberg said that "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Facebook Drops Plan to Disclose Users' Home Addresses and Personal Phone Numbers (Jan. 18, 2011) +
    Facebook has retreated from its decision to allow third-party access to users home addresses and phone numbers. Facebook backed off after criticism of the new policy, but said it would go forward once it has made further changes. EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Congressmen Question Facebook About Latest Privacy Breach (Oct. 20, 2010) +
    Congressmen Ed Markey (D-MA) and Joe Barton (R-TX) sent a letter to Facebook about the news that Facebook's business partners transmitted personal user data to advertising and internet tracking companies in violation of the company's policy. EPIC has two complaints pending at the Federal Trade Commission regarding Facebook's unfair and deceptive trade practices. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.
  • Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users (Aug. 19, 2010) +
    The recently announced Facebook service Places makes user location data routinely available to others, including Facebook business partners, regardless of whether users wish to disclose their location. There is no single opt-out to avoid location tracking; users must change several different privacy settings to restore their privacy status quo. For users who do not want location information revealed to others, EPIC recommends that Facebook users: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices, which are frequently associated with new product announcements. For more information, see EPIC In Re Facebook, EPIC In Re Facebook II, and EPIC Facebook Privacy.
  • Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers (Jun. 24, 2010) +
    The FTC announced a significant enforcement action today. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The FTC found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." EPIC has two complaints currently pending at the FTC concerning similar practices by Facebook, another social networking service. For more information, see EPIC - Facebook Privacy, EPIC - In re Facebook I, and EPIC - In re Facebook II.
  • Congress Pursues Investigation of Google and Facebook's Business Practices (Jun. 1, 2010) +
    Following similar letters from other Congressional leaders, the head of the House Judiciary Committee has asked Google Inc. and Facebook to cooperate with government inquiries into privacy practices at both companies. Rep. Conyers (D-MI) noted that Google's collection of user data "may be the subject of federal and state investigations" and asked Google to retain the data until "such time as review of this matter is complete." Rep. Conyers also asked Facebook to provide a detailed explanation regarding its collection and sharing of user information. The House Judiciary Committee is expected to hold hearings on electronic privacy later this year. For more information, see EPIC: Facebook Privacy, EPIC: In re Facebook II, and EPIC: Search Engine Privacy.
  • Facebook Expected to Announce Privacy Changes (May. 25, 2010) +
    Following a recent column in the Washington Post by Facebook CEO Mark Zuckerberg, the company is expected to announce new, simplified privacy settings this week.  EPIC objected to the last several rounds of changes that Facebook made, filing a complaint with the FTC in December when the company reclassified much of users' data as "publicly available information," a supplement to that complaint in January, and another complaint this month when Facebook forced users' profile information to become publicly available links instead of private data.  For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: In re Facebook II.
  • New Facebook Privacy Complaint Filed with Trade Commission (May. 5, 2010) +
    Today, EPIC and 14 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law. The complaint states that changes to user profile information and the disclosure of user data to third parties without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. In a letter to Congress, EPIC urged the Senate and House Committees with jurisdiction over the FTC to monitor closely the Commission's investigation. The letter noted the FTC's failure to act on several pending consumer privacy complaints. For more information, see EPIC: Facebook Privacy.
  • Senators Oppose Facebook Changes, Schumer Urges Trade Commission to Regulate Social Network Services (Apr. 27, 2010) +
    Senators Charles Schumer (D-NY), Michael Bennet (D-CO), Mark Begich (D-AK), and Al Franken (D-MI) have sent a letter to Facebook CEO Mark Zuckerberg to express concern about "recent changes to the Facebook privacy policy and the use of personal data by third-party websites." Senator Schumer has also asked the Federal Trade Commission to establish guidelines for social networking sites. The Senators' statements came after Facebook announced it would disclose user data to websites without consent. Senator Schumer stated "Previously, users had the ability to determine what information they chose to share and what information they wanted to keep private." EPIC has filed a complaint and with the FTC about the recent changes to Facebook's privacy settings. For more information, see EPIC: Facebook Privacy and EPIC: In re Facebook.
  • EPIC’s Facebook Complaint of "particular interest" to FTC (Jan. 19, 2010) +
    The FTC has sent a letter to EPIC regarding the December 2009 complaint, submitted by privacy organizations, about Facebook’s recent changes to user privacy settings. In the letter, the Bureau of Consumer Protection Director states that the complaint “raises issues of particular interest” for the FTC. Further, Vladeck stresses the importance of providing “transparency about how this data is being handled, maintained, shared, and protected . . . .” The Commission, however, cannot confirm or deny whether an investigation has been launched. The letter came one day before EPIC filed a supplemental complaint regarding Facebook’s privacy practices. For more information, see EPIC: In re Facebook.
  • Privacy Groups File Amended Complaint regarding Facebook (Jan. 14, 2010) +
    EPIC and several other groups filed a supplement to the groups' original complaint with the Federal Trade Commission concerning Facebook’s recent privacy changes. The new complaint provides additional evidence of Facebook’s unfair and deceptive trade practices relating to Facebook CEO's public statements, the most recent version of the Facebook for iPhone application, Facebook Connect, and "web-suicide" applications. The complaint also offers numerous examples of media stories and blog posts in support of an investigation by the Federal Trade Commission into Facebook’s unfair and deceptive trade practices. For more information, see EPIC: In re Facebook.
  • EPIC Seeks Facebook Communications Detailing Privacy Changes (Dec. 29, 2009) +
    EPIC filed a Freedom of Information Act (FOIA) request with the Federal Trade Commission (FTC), seeking communications with Facebook discussing the site’s recent privacy changes. In November and December 2009, Facebook made several changes to the website’s privacy policy and settings. In response to these changes, which no longer allow users to control the visibility of certain types of information, EPIC submitted a complaint to the FTC, alleging Facebook is engaging in “unfair and deceptive practices.” Facebook spokespersons issued a statement shortly after the complaint was filed, asserting, “We discussed the privacy program with many regulators, including the F.T.C., prior to launch.” EPIC requested documents pertaining to the communications Facebook allegedly had with the federal agency. For more information, see EPIC: In re Facebook.
  • EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission (Dec. 17, 2009) +
    EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Facebook’s revised privacy settings. The EPIC complaint, signed by nine other privacy and consumer organizations, states that the  "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." EPIC cites widespread opposition from Facebook users, security experts, bloggers, and news organizations. A previous EPIC complaint to the FTC, concerning the data broker industry, produced the largest settlement in the FTC's history.  For more information, see EPIC: In re Facebook, Frequently Asked Questions Regarding EPIC's Facebook Complaint, and EPIC Facebook Privacy. EPIC PRESS RELEASE.
  • Facebook Asks Users to Review Privacy Settings, Recommends Privacy Options, Questions Remain (Dec. 9, 2009) +
    Facebook is asking users to review and update their privacy settings. However, the privacy recommendations, suggested by Facebook, may result in greater disclosure than users intend. Facebook faces ongoing privacy scrutiny following Beacon, proposed changes to the Terms of Services, and a settlement now pending in California. EPIC has urged Facebook to respect user privacy settings. EPIC is also defending the privacy rights of Facebook users who participated in Beacon. For more information, see EPIC: Facebook Privacy.

Background

Facebook timelineFrom 2009 to 2011, EPIC and a coalition of consumer organizations pursued several complaints with the Federal Trade Commission, alleging that Facebook had changed user privacy settings and disclosed the personal data of users to third parties without the consent of users. EPIC conducted extensive research and documented the instances of Facebook overriding the users’ privacy settings to reveal personal information and to disclose, for commercial benefit, user data, and the personal data of friends and family members, to third parties without their knowledge or affirmative consent.

2011 FTC Investigation

In response to a complaint from EPIC and consumer privacy organizations, the FTC launched an extensive investigation into Facebook’s policies and practices. The FTC and issued a Preliminary Order against Facebook in 2011 and then a Final Order in 2012. The Final Order bars Facebook from making any future misrepresentations about the privacy and security of a user’s personal information, requires Facebook to establish a comprehensive privacy program, requires Facebook to remove user information within thirty days after a user deletes an account, requires Facebook to obtain a user’s express consent before enacting changes its data sharing methods, and requires Facebook to have an independent privacy audit every two years. According to the FTC, the Final Order will remain in effect for 20 years.

Cambridge Analytica

Cambridge Analytica is a U.K.-based data analytics consulting firm that offers services for political campaigns. Cambridge Analytica specializes in “psychographic” profiling, which uses data collected online to identify personalities of voters and influence voter behavior through targeted advertising. The data analytics firm gathers information through data mining, data brokerage, and data analysis. Cambridge Analytica is an offshoot of the parent company SCL Group and is partly owned by billionaire Robert Mercer, a major donor to President Trump’s 2016 presidential campaign. The data analytics firm has been involved in a number of political races, including Donald Trump’s presidential campaign.

Cambridge Analytica’s Data Harvesting

In 2013, a Cambridge University researcher named Dr. Aleksandr Kogan created a personality quiz application called “thisisyourdigitallife” that asked Facebook users to fill out a questionnaire for $1-2. Dr. Kogan’s application would collect the user’s personal Facebook information for “academic purposes” and also subsequently scrape private information from the profiles of their Facebook friends. The data collected included details on user identities, their residences, their friend networks, and “likes.”

In 2014, Cambridge Analytica and Dr. Kogan entered into a contract premised on the harvest and processing of the user data. Dr. Kogan violated Facebook’s terms of service and transferred the user data to Cambridge Analytica without Facebook users’ knowledge or consent. At the time, Facebook permitted such activity but has since banned it.

In April 2014, Facebook announced plans to upgrade its platform to restrict access to friends data by third party applications by 2015. Third party applications, however, did not have to delete the data they already obtained prior to the 2015 platform upgrade.

From 2014 to 2016, Cambridge Analytica engaged in the illicit collection of data of up to 87 million users. Under Facebook’s current terms of service, data collected by third party applications cannot be sold or transferred to outside parties. Investigative reports allege that the data analytics firm harvested the data to develop techniques to target voters in the 2016 presidential election, including an algorithm that could analyze individual Facebook profiles and determine voting behavior.

Cambridge Analytica whistleblower Christopher Wylie states “We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

Facebook learned about the data harvesting in 2015 but did not publicly acknowledge the incident until three years later. Facebook suspended both Cambridge Analytica and Dr. Kogan after learning from the New York Times and the Guardian’s Observer that they allegedly had not destroyed the data.

Facebook’s Response and Criticisms

After the Cambridge Analytica news reports surfaced, Facebook has come under heavy scrutiny for its privacy practices and mishandling of user data. Facebook responded to the scandal by introducing a three-step plan to prevent platform abuse:

  1. Conduct a full audit of applications with suspicious activity and ban any developer that has misused personally identifiable information
  2. Restrict developer’s access to data such as removing the data if a user has not used their application in 3 months
  3. Add a new tool on the top of user’s news feed that enables users to see which applications they have used and revoke a third party application’s data access

The social media giant also is expanding its bug bounty program to reward those who find misuses of data by third party application developers as well as notify users if third party applications misused their data. Facebook chief executive Mark Zuckerberg called the illicit data harvesting a “major breach of trust” with users.

Facebook’s efforts to mitigate the damage from the Cambridge Analytica fallout has not convinced critics. The hashtag #DeleteFacebook trended on Twitter with supporters such as Tesla and SpaceX chief executive Elon Musk and WhatsApp co-founder Brian Acton supporting the social media outcry for users to delete their Facebook accounts. The protest hashtag, however, did not have a significant impact on the social networking platform according to Facebook. The company’s stock plummeted by nearly 7% the Monday after the Cambridge Analytica scandal broke.

Congressional Pressures on Facebook

Lawmakers swiftly demanded answers from Facebook after the Cambridge Analytica scandal, namely for Mark Zuckerberg to testify and explain how the information of 87 million users ended up in the possession of a data analytics firm tied to President Trump’s 2016 campaign.

In a joint letter to Facebook, Senate Commerce Committee Chairman Senator John Thune (R-S.D.), Senator Roger Wicker (R-Miss.) and Senator Jerry Moran (R-Kan.) wrote, “the possibility that Facebook has either not been transparent with consumers or has not be able to verify that third party app developers are transparent with consumers is troubling.” Similarly, Senator Ron Wyden (D-Or.) stated that the ease in which Cambridge Analytica was able to exploit Facebook’s privacy settings and harvest user data “for profit and political gain throws into question not only the prudence and desirability of Facebook’s business practices and the dangers of monetizing consumer’s private information, but also raises serious concerns about the role Facebook played in facilitating and permitting the covert collection and misuse of consumer information.” In a letter to the Senate Commerce Committee, Senator Edward Markey (D-Mass.) said “in light of these allegations, and the ongoing Federal Trade Commission (FTC) consent decree that requires Facebook to obtain explicit permission before sharing data about its users, the Committee should move quickly to hold a hearing on this incident, which has allegedly violated the privacy of tens of millions of Americans." Senator Amy Klobuchar (D-Minn.) stated, “this is a major breach that must be investigated. It’s clear these platforms can’t police themselves.”

After pressure from lawmakers, Mark Zuckerberg testified publicly before a joint hearing of two Senate committees as well as before a House committee. Mark Zuckerberg testified before both the Senate Judiciary and Senate Commerce Committees on April 10, 2018 and the House Energy and Commerce Committee on April 11, 2018.

Investigations in the U.S. and Abroad

United States

Following scrutiny over Facebook’s role in the data mishandling of up to 87 million users, the Federal Trade Commission announced on March 26, 2018, that it is investigating whether Facebook violated its 2012 Consent Order. Acting Direct Tom Pahl stated, “Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook.”

In a letter to Facebook, 41 state and territory attorney generals demanded Mark Zuckerberg to answer a series of questions concerning Facebook’s policies and practices. Additionally, several state attorney generals have have opened both joint and independent investigations into Facebook’s involvement with Cambridge Analytica - including Massachusetts, New York, New Jersey, and Missouri. Moreover, it has been reported that the Department of Justice’s Special Counsel Robert Mueller has requested emails from Cambridge Analytica as part of his investigation into the Russian interference of the 2016 Presidential Election.

United Kingdom and Europe

Lawmakers in the United Kingdom are calling for an investigation into Cambridge Analytica’s role in disinformation, its exploitation of personal data, and its participation in the Brexit campaign. Cambridge Analytica whistleblower Christopher Wylie provided oral evidence before a British parliamentary select committee that the European Union referendum would not have resulted in the same outcome had there not been “cheating.”

The U.K. Parliament’s Digital, Culture, Media and Sport Committee asked Mark Zuckerberg to appear before the panel to answer questions regarding how Cambridge Analytica acquired Facebook user data without their consent. Mark Zuckerberg, however, refused to testify before U.K. Members of Parliament.

The British Information Commissioner launched an investigation into the use of data analytics for political purposes of 30 organizations, including Facebook. According to Commissioner Elizabeth Denham, the office is “looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica.” On March 23, 2018, the British Information Commissioner executed a warrant to inspect the Cambridge Analytica’s London office.

In Europe, President of the European Parliament Antonio Tajani tweeted that “allegations of misuse of Facebook user data is an unacceptable violation of our citizens’ privacy rights” and that the EU parliament will “investigate fully.”

Australia

On April 5, 2018, the Australian Information Commissioner opened a formal investigation into Facebook, following confirmation that over 300,000 Australian’s data may have been improperly shared with Cambridge Analytica.

Canada

On March 20, 2108, the Privacy Commissioner of Canada announced that it opened a formal investigation into Facebook. Privacy Commissioner of Canada Daniel Therrien states “Allegations about the misuse of the personal information of 50 million Facebook users are shaking the very foundation on which our digital economy is based. Not only is consumer trust at risk, so too is trust in our democratic processes.”

EPIC’s Work

FOIA

Policy

Resources

News

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security