Did Facebook Violate An FTC Privacy Order When It Did Business With Cambridge Analytica?

Recent news stories about Facebook providing personal information to the data broker Cambridge Analytica raise a question: Is Facebook in violation of a 2011 Privacy Order with the Federal Trade Commission? We've joined leading consumer and privacy groups in a letter to the FTC raising issues for an investigation.

Recent news stories (Washington Post)  about Facebook providing personal information to the data broker Cambridge Analytica raise a question: Is Facebook in violation of a 2011 Privacy Order (consent decree) with the Federal Trade Commission? Did it share information without clear consent from consumer users? That consent order was negotiated partly due to previous concerns with the social network’s constant changing of its privacy controls. We’ve joined leading consumer and privacy groups in a letter to the FTC asking for a detailed investigation.

Two former FTC Directors of its Bureau of Consumer Protection have raised similar questions. One of them, David Vladeck, has told numerous papers, including, for example, the New York Times: “There are all sorts of obligations under the consent decree that may not have been honored here.”

Excerpt from the consumer and privacy group letter to the FTC:

“As the Facebook Order makes clear, Facebook must “get consumers’ approval before it changes the way it shares their data,” and must “obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences.” The FTC also barred Facebook from “making misrepresentations about the privacy or security of consumers’ personal information.” Yet Facebook’s business practices resulted in the disclosure of consumers’ “names, education, work histories, birthdays, likes, locations, photos, relationship statuses, and religious and political affiliations” to Cambridge Analytica without their knowledge or consent. In 2014, Facebook acknowledged that it allowed app developers to access profile information on an app users’ friends without the friends’ knowledge or consent, stating that consumers “are often surprised when a friend shares their information with an app.” Facebook’s admission that it disclosed data to third parties without users’ consent suggests a clear violation of the 2011 Facebook Order.”

Many consumers often wonder about their Facebook privacy controls, which seem to change a lot. How can they best protect their privacy? Brian Barrett at Wired Magazine warns in a post and video:

“Remember, it’s not just friends of friends you need to think about hiding from; it’s an army of advertisers looking to target you not just on Facebook itself, but around the web, using Facebook’s ad platform. In the video above and the post below, we’ll show you how to deal with both.”

We’ll be following this issue closely. While Facebook is certainly one of the largest platforms that collects and shares information about its users, it is not the only one.


Ed Mierzwinski

Senior Director, Federal Consumer Program, PIRG

Ed oversees U.S. PIRG’s federal consumer program, helping to lead national efforts to improve consumer credit reporting laws, identity theft protections, product safety regulations and more. Ed is co-founder and continuing leader of the coalition, Americans For Financial Reform, which fought for the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, including as its centerpiece the Consumer Financial Protection Bureau. He was awarded the Consumer Federation of America's Esther Peterson Consumer Service Award in 2006, Privacy International's Brandeis Award in 2003, and numerous annual "Top Lobbyist" awards from The Hill and other outlets. Ed lives in Virginia, and on weekends he enjoys biking with friends on the many local bicycle trails.

Find Out More