Facebook 'Repeatedly' Violated Privacy Order, Misled Parents, FTC Charges

The Federal Trade Commission is accusing Facebook of "repeatedly" violating a 2020 privacy order and misleading parents about their ability to control their children's contacts through its Messenger Kids app.

The agency also said that Facebook misrepresented the access it provided some app developers to private user data.

“The company’s recklessness has put young users at risk, and Facebook needs to answer for its failures,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.

The FTC is proposing to prohibit Facebook and its parent company, Meta, from profiting from data it collects, including through its virtual reality products, from users under the age of 18. It would also be subject to other expanded limitations, including in its use of facial recognition technology, and required to provide additional protections for users.

Third violation

This is the third time the FTC has taken action against Facebook for allegedly failing to protect users’ privacy.

The Commission first filed a complaint against Facebook in 2011, and secured an order in 2012 barring the company from misrepresenting its privacy practices.

The, according to a subsequent complaint, Facebook violated the first FTC order within months of it being finalized – engaging in misrepresentations that helped fuel the Cambridge Analytica scandal.

In 2019, Facebook agreed to a second order—which took effect in 2020—resolving claims that it violated the FTC’s first order. Today’s action alleges that Facebook has violated the 2020 order, as well as the Children’s Online Privacy Protection Act Rule (COPPA Rule).

$5 billion fine

The 2020 privacy order required Facebook to pay a $5 billion civil penalty. The 2020 order also expanded the required privacy program, as well as the independent third-party assessor’s role in evaluating the effectiveness of Facebook’s program.

The independent assessor identified several gaps and weaknesses in Facebook’s privacy program, according to the Order to Show Cause, in which the Commission notes that the deficiencies pose substantial risks to the public.

The Order to Show Cause also alleges that Facebook violated both the 2012 and 2020 orders by continuing to give app developers access to users’ private information after promising in 2018 to cut off such access if users had not used those apps in the previous 90 days. In certain circumstances, Facebook continued to allow third-party app developers to access that user data until mid-2020.

Messenger Kids issues

In addition, the FTC has asked the company to respond to allegations that, from late 2017 until mid-2019, Facebook misrepresented that parents could control whom their children communicated with through its Messenger Kids product.

Despite the company’s promises that children using Messenger Kids would only be able to communicate with contacts approved by their parents, children in certain circumstances were able to communicate with unapproved contacts in group text chats and group video calls.

The FTC says these misrepresentations violated the 2012 order, the FTC Act and the COPPA Rule. Under the COPPA Rule, operators of websites or online services that are directed to children under 13 must notify parents and obtain their verifiable parental consent before collecting personal information from children.

Today’s action is the first step in the process. Meta hs 30 days to respond to the allegations.