Facebook, the world’s largest social media platform, is facing increased calls for government regulation and investigation after the disclosures that it shared private user data with third-party companies.
In apparent contrast with its earlier claims, the social media site has been sharing data from its Messenger app with outside companies ranging from Microsoft, Netflix and Amazon to the Spotify streaming music service.
Royal Bank of Canada, one of that country’s largest financial institutions, was granted access to Messenger data as well and confirmed to MPT that the information was used in connection to Facebook’s P2P funds transfer service.
Facebook has already been under investigation in the U.S. and U.K., following revelations that it shared private data of more than 87 million users with Cambridge Analytica, the political data analytics firm linked to the 2016 presidential campaign of Donald Trump.
Following the original revelations about the practices in The New York Times, Sen. Ron Wyden, D-Ore., issued a statement blasting top Facebook executives, noting that Facebook CEO Mark Zuckerberg testified before Congress that users of the social media network had complete control over how their data was used.
“When companies repeatedly lie to Congress and the American people about what they do with our messages, location, likes and everything else, Congress has a duty to do something about it,” he said in a statement issued on Wednesday. “I wrote a tough new consumer privacy bill to punish companies — and even put CEOs in jail — if they lie about protecting your privacy.”
He said that “clearly these people need some skin in the game” before they take consumer privacy seriously.
Facebook earlier this week told MPT that any member data that it shared was done with prior consent. The company also provided an updated blog post from Ime Archibong, vice president of product partnerships, who noted that the data sharing policies were publicly discussed.
Archibong linked to a 2013 release from RBC when the bank announced that it was the first North American financial institution to bring P2P electronic funds transfer capabilities to Messenger. In the release, the bank said that users of its mobile app can make an Interac e-transfer by simply selecting a friend or family member from the Messenger contact list.
Royal Bank issued a statement earlier this week saying it only used the access to identify the recipient of payments and confirm that the transaction was secure, denying that it was able see the content of user messages.
The Facebook report raised questions about whether the social media company was in violation of an earlier consent decree with the Federal Trade Commission that banned the company from disclosing private user data to outside companies.
Jim Dempsey, executive director of the Berkeley Center for Law and Technology, said in an interview that the biggest legal risk for Facebook is that the new disclosures may have indeed violated the FTC settlement.
“These companies were not service providers in the sense that was provided in the settlement,” Dempsey said in a phone interview. ‘These companies did not use the information at the direction of Facebook.”
In March, Tom Pahl, acting director of the FTC’s Bureau of Consumer Projection, issued a statement expressing serious concerns about the Cambridge Analytica reports and whether they may have violated the settlement. A spokesperson at the FTC declined to comment on the new disclosures.
John Simpson, privacy and technology project director at Consumer Watchdog, which focuses on major issues in the state of California, noted that saying the state’s landmark consumer privacy law would would have allowed consumers to block Facebook from sharing their private data. However the recently passed law doesn’t go into effect until 2020.
The Privacy Commissioner of Canada has been probing Facebook since March after the previous disclosures involving Cambridge Analytica.
Asked about the implications regarding Canadian privacy law, MPT was told “What I can tell you is we have an ongoing investigation with respect to Facebook and third-party applications,” spokesperson Anne-Marie Cenaiko said in a email.
She added that she could not reveal any additional information due to confidentiality provisions in that country’s federal privacy law, called the Personal Information Protection and Electronic Documents Act.
The Irish Data Protection Commission, where Facebook bases its European operations, confirmed to MPT that it was aware of the media reports about Facebook’s data sharing practices involving Messenger.
“We are currently assessing what steps, if any, are required,” spokesperson Aoife Mullen said in a email.
Consumer Watchdog issued a statement on Thursday saying the state’s landmark consumer privacy law would would have allowed consumers to block Facebook from sharing their private data.
David Jones is a veteran business and technology journalist, with three decades of experience writing about business travel, real estate and technology.
Since 2015 he covered a range of technology stories for the ECT News Network, which includes the E-Commerce Times, TechNewsWorld, LinuxInsider and CRM Buyer, writing about cybersecurity, artificial intelligence, machine learning, open source computing and privacy issues among others,. He recently covered FinTech issues for PYMNTS.com.
He worked as a staff writer for Bloomberg Business News and an online reporter for Crain’s New York Business. He has written for numerous media organizations, including Reuters, The New York Times, The Real Deal, Continental, City Limits and The Nation.
He was previously awarded the George Washington Williams Fellowship for Journalists of Color by the Independent Press Association.