This article is more than 1 year old

Zuck it up: Facebook hit with triple whammy of legal probes, action in Canada, US, Ireland

Ignoring privacy laws, storing plain text passwords, slurping millions of contact details come back to bite web giant

Here's a triple Thursday whammy: Facebook has been accused of breaking Canada’s privacy laws, and is being investigated in the US and Ireland for seemingly mishandling people's private data.

The Office of the Privacy Commissioner of Canada (OPC) launched an official inquiry into Zuck’s empire in March 2018 following the Cambridge Analytica scandal in which 87 million Facebook profiles were harvested, via a harmless-looking third-party quiz app, for political ad targeting.

Fast forward to this week, and OPC has emitted a report from that investigation: it concludes that Facebook ran roughshod over Canada’s privacy laws by failing to obtain proper consent from its users to ultimately share that profile data with Cambridge Analytica, and failing to protect user information. Now, OPC wants to take Facebook to court to, hopefully, force it to comply with Canadian law.

“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company,” Daniel Therrien, Privacy Commissioner of Canada, said in a statement. “Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

The US tech giant apparently refused to play ball with the Canadian watchdog while it was drawing up its report, snubbing its recommendations and findings, leading to the OPC's decision to haul the business into court to force it to follow the law. “It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions,” said Therrien.

Facebook, on the other hand, claimed it had cooperated with the regulator, and was in negotiations to settle the matter before it got to court.

It’s not the only battle that Facebook will have to face. Over in America, the New York Attorney General Letitia James announced that her office will be launching a probe into a separate Facebook fracas.

Last week, Zuck's bunch admitted siphoning contacts books from 1.5 million people's email accounts without permission, snaring potentially hundreds of millions of netizens' contact details as a result. Folks signing up to use the social network were asked to hand over their email account passwords so the site could verify automatically that the accounts were valid, during which it also hoovered up all the contacts' details it could from those inboxes.

Facebook CEO Mark Zuckerberg

Facebook: We're just putting $3bn profit aside for an FTC privacy fine


Meanwhile, across the Pond, Ireland’s Data Protection Commission declared an investigation into Facebook’s practices to see whether they violate Europe's GDPR. And what’s more, it’s for a separate incident: logging hundreds of millions of user account passwords in plain text in its servers.

“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers," the Emerald Isle's watchdog said in a statement.

"We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR."

Facebook's latest financial figures showed it was stowing away at least $3bn of its profits, half of its net income for the first quarter of the year, for a hefty fine from the Federal Trade Commission, America’s privacy watchdog. However, after Thursday’s bombshells, it looks as though $3bn may not be enough.

A spokesperson for Facebook, which has been hiring loads of digital privacy experts recently to fight its corner, was not available for comment. ®

More about


Send us news

Other stories you might like