Zuck it up: Facebook hit with triple whammy of legal probes, action in Canada, US, Ireland

Ignoring privacy laws, storing plain text passwords, slurping millions of contact details come back to bite web giant


Here's a triple Thursday whammy: Facebook has been accused of breaking Canada’s privacy laws, and is being investigated in the US and Ireland for seemingly mishandling people's private data.

The Office of the Privacy Commissioner of Canada (OPC) launched an official inquiry into Zuck’s empire in March 2018 following the Cambridge Analytica scandal in which 87 million Facebook profiles were harvested, via a harmless-looking third-party quiz app, for political ad targeting.

Fast forward to this week, and OPC has emitted a report from that investigation: it concludes that Facebook ran roughshod over Canada’s privacy laws by failing to obtain proper consent from its users to ultimately share that profile data with Cambridge Analytica, and failing to protect user information. Now, OPC wants to take Facebook to court to, hopefully, force it to comply with Canadian law.

“Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company,” Daniel Therrien, Privacy Commissioner of Canada, said in a statement. “Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.

The US tech giant apparently refused to play ball with the Canadian watchdog while it was drawing up its report, snubbing its recommendations and findings, leading to the OPC's decision to haul the business into court to force it to follow the law. “It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions,” said Therrien.

Facebook, on the other hand, claimed it had cooperated with the regulator, and was in negotiations to settle the matter before it got to court.

It’s not the only battle that Facebook will have to face. Over in America, the New York Attorney General Letitia James announced that her office will be launching a probe into a separate Facebook fracas.

Last week, Zuck's bunch admitted siphoning contacts books from 1.5 million people's email accounts without permission, snaring potentially hundreds of millions of netizens' contact details as a result. Folks signing up to use the social network were asked to hand over their email account passwords so the site could verify automatically that the accounts were valid, during which it also hoovered up all the contacts' details it could from those inboxes.

Facebook CEO Mark Zuckerberg

Facebook: We're just putting $3bn profit aside for an FTC privacy fine

READ MORE

Meanwhile, across the Pond, Ireland’s Data Protection Commission declared an investigation into Facebook’s practices to see whether they violate Europe's GDPR. And what’s more, it’s for a separate incident: logging hundreds of millions of user account passwords in plain text in its servers.

“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers," the Emerald Isle's watchdog said in a statement.

"We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR."

Facebook's latest financial figures showed it was stowing away at least $3bn of its profits, half of its net income for the first quarter of the year, for a hefty fine from the Federal Trade Commission, America’s privacy watchdog. However, after Thursday’s bombshells, it looks as though $3bn may not be enough.

A spokesperson for Facebook, which has been hiring loads of digital privacy experts recently to fight its corner, was not available for comment. ®


Other stories you might like

  • Tim Hortons collected location data constantly, without consent, report finds
    Hortons hears a sue

    From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

    In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

    That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

    Continue reading
  • Behind Big Tech's big privacy heist: Deliberate obfuscation
    You opted out, but you didn't uncheck the box on page 24, so your data's ours...

    Opinion "We value your privacy," say the pop-ups. Better believe it. That privacy, or rather taking it away, is worth half a trillion dollars a year to big tech and the rest of the digital advertising industry. That's around a third of a percent of global GDP, give or take wars and plagues. 

    You might expect such riches to be jealously guarded. Look at what those who "value your privacy" are doing to stop laws protecting it, what happens when a good law  gets through, and what they try to do to close it down afterwards. 

    The best result for big tech is if laws are absent or useless. The latest survey of big tech lobbying in the US reveals a flotilla of nearly 500 salespeople/lawyers touring the US state legislatures, trying to either draw up tech friendly legislation to insert into privacy bills, water then down through persuasion, or just keep them off the books.

    Continue reading
  • Zuckerberg sued for alleged role in Cambridge Analytica data-slurp scandal
    I can prove CEO was 'personally involved in Facebook’s failure to protect privacy', DC AG insists

    Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal. 

    DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.

    That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck. 

    Continue reading

Biting the hand that feeds IT © 1998–2022