Coalition of Attorneys General Demand Answers About Facebook’s Privacy Practices, FTC Confirms Investigation

Data of at least 50 million Facebook users may have been misused by third-party software developers

Coalition of Attorneys General Demand Answers About Facebook’s Privacy Practices, FTC Confirms Investigation
Image: NCCC
March 26, 2018

North Carolina Attorney General Josh Stein today joined a bipartisan coalition of 37 state and territory Attorneys General in demanding answers from Facebook CEO Mark Zuckerberg about the company's business practices and privacy protections.

50 million Facebook Users Impacted

The Attorneys General point to reports that the data of at least 50 million Facebook users may have been misused by third-party software developers.

"Data privacy is extremely important to North Carolinians," said Attorney General Stein. "When people sign up for Facebook and use the platform, they're not handing over a blank check on their privacy. That is why I am demanding answers. I will do everything I can to ensure that nothing like this happens again."

Questions to Mark Zuckerberg

The letter raises a series of questions about Facebook's policies and practices—which the Attorneys General say allowed developers to access the personal data of "friends" of people who used certain applications—without the knowledge or consent of those users.

The letter poses the following questions to Zuckerberg:

  • Were those terms of service clear and understandable?
  • How did Facebook monitor what these developers did with all the data that they collected?
  • What type of controls did Facebook have over the data given to developers?
  • Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user's data?
  • How many users in the states of the signatory Attorneys General were impacted?
  • When did Facebook learn of this breach of privacy protections?
  • During this timeframe, what other third party "research" applications were also able to access the data of unsuspecting Facebook users?

"Facebook apparently contends that this incident of harvesting tens of millions of profiles was not the result of a technical data breach; however, the reports allege that Facebook gave away the personal data of users who never authorized these developers to obtain it, and relied on terms of service and settings that were confusing and perhaps misleading to its users," the Attorneys General write in the letter.

Facebook's Full cooperation Expected

The Attorneys General say that they expect Facebook's full cooperation, including a full accounting of what transpired and the answers to the questions raised in the letter.

View the letter

FTC Investigation

Also today, the Federal Trade Commission (FTC) confirmed that it is looking into concerns regarding Facebook's privacy practices.

Tom Pahl, Acting Director of the FTC's Bureau of Consumer Protection, issued the following statement:

"The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices."