Latest audit faulted Facebook for failing to protect user privacy

Getty Images

An independent audit of Facebook between 2017 and February of this year found the company did not effectively implement privacy safeguards that were required under an agreement with federal regulators, according to documents obtained by The Hill on Friday.

Outside auditing firm PwC this year found Facebook was not following the government’s orders on privacy, which were laid out in a 2012 agreement between the Federal Trade Commission (FTC) and the company.

The FTC this week settled with Facebook over the same allegation, charging that Facebook had violated its obligations under the order by failing to establish a “reasonable” privacy program and hitting the company with a $5 billion fine.

{mosads}According to the report, counter to the 2012 order’s mandates, Facebook did not properly authorize the developers building products on its platform and had not implemented an “appropriate” procedure to deal with privacy-related incidents, among other conclusions.

“Management’s control was not appropriately designed and implemented to address intake, detection, handling, response, remediation, and reporting (as applicable) for all privacy incidents (e.g., misuse of user data by service providers or other third party misuse),” the PwC report reads.

PwC, also known as PricewaterhouseCoopers, noted it could not complete the investigation, but if it had, it would have concluded “that Facebook’s privacy controls were not operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information.”

The firm’s investigation, which was submitted to Facebook on June 6, was happening at the same time the FTC was looking into whether the company had violated the 2012 consent agreement.

PwC and Facebook declined to comment for this article.

The latest report comes after privacy groups lambasted PwC for its 2017 audit, which concluded that Facebook’s privacy controls were effective and provided “reasonable assurance” the company was protecting user privacy — even though, during that time, right-wing political consulting firm Cambridge Analytica improperly obtained a massive trove of user data that it used to profile American voters.

Marc Rotenberg, the president of the Electronic Privacy Information Center, in an email to The Hill noted that it seemed PwC in this year’s report backed “off its earlier representations” that “everything is going great” at Facebook.

The FTC this week announced it had found that Facebook deceived its users about their privacy protections while allowing third parties to harvest their data, alleging the company failed to stand up a “reasonable privacy program that safeguarded the privacy, confidentiality, and integrity of user information” as required under the 2012 agreement.

PwC’s report tracks with the FTC’s conclusions.

The Cambridge Analytica scandal, revealed last year, was the catalyst that prompted the FTC to reopen a privacy investigation into Facebook last year.

PwC in the report obtained by The Hill found that Facebook mismanaged the privacy training required for employees under the order and did not properly vet new products and features. 

Facebook  faced an avalanche of public scrutiny during the PwC’s investigation between 2017 and 2019. In March of 2018, the FTC publicly announced it was reopening the case against Facebook, and by the next month, Congress held multiple hearings with Facebook CEO Mark Zuckerberg.

Facebook agreed to pay $5 billion as part of the record settlement with the FTC this week. As part of the latest settlement, Facebook will have to create a privacy committee within its board of directors to review the company’s decisions and provide more oversight of Zuckerberg.

Privacy groups and bipartisan lawmakers have denounced the settlement as weak on Facebook, claiming it creates a “paper trail” rather than demanding any changes to Facebook’s core business model. The FTC’s settlement came along party lines, with both Democratic commissioners dissenting on the basis that it did not go far enough.

The FTC confirmed this week that it has opened up a separate antitrust investigation into Facebook.

The tech giant this week reported $16.9 billion in revenue during the second quarter of the year, signaling the regulatory scrutiny of the company has not hit its bottom line.

Updated July 27 at 11:30 a.m.

Tags Mark Zuckerberg

Most Popular

Load more


See all Video