Facebook and Privacy: A Race to the Bottom

Jun 20, 2018

“No other single company has done more to erode consumer privacy than Facebook.” Those words were written by Ashkan Soltani , a former Chief Technology Officer (CTO) for the Federal Trade Commission (FTC). He should know.

Soltani is intimately familiar with Facebook’s privacy practices. In 2011, Facebook agreed to a Consent Order with the FTC in connection with its  complaint  against Facebook for violating user privacy. Soltani was the FTC’s CTO at that time.

Yesterday, Soltani testified at a hearing held by the U.S. Senate Committee on Commerce, Science and Transportation; more specifically, its Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. The hearing was entitled, “Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks.” The hearing was held to follow-up on Facebook CEO Mark Zuckerberg’s earlier testimony so the Committee would be able to “focus on the collection and use of social media data, the privacy concerns raised in the wake of the Cambridge Analytica/Facebook scandal, and potential steps to protect consumers.”

Soltani’s written testimony to the Committee makes some troubling points about online privacy in general and Facebook in particular. Among those points:

  • The current “notice and choice” approach to user privacy doesn’t work. It’s common knowledge that few people read online privacy policies and those that do don’t understand them. Even Zuckerberg admitted during his testimony that he doesn’t expect Facebook users to read the company’s data policy. In fact, the only real choice consumers have is to accept a website’s privacy and data practices or not use the services it’s offering. Data and privacy terms are presented on a take-it-or-leave-it basis. They are not negotiable. In the case of Facebook, users have to either agree to the company’s data practices or choose not to have a Facebook account.
  • According to Soltani, “Facebook’s business practices have driven the entire online advertising industry to adopt increasingly invasive online tracking practices in what amounts to a “race to the bottom for privacy.” Soltani describes how Google’s equally invasive privacy practices resulted from its perceived need to compete with Facebook for online advertising revenue.
  • Facebook employs a privacy policy of “Two Steps Forward, One Step Back.” In the 2011 Consent Order, Facebook settled charges that it had engaged in a number of deceptive privacy practices that mislead its users. But Facebook has faced few if any repercussions for its misconduct. According to Soltani and many other observers, Facebook’s recent conduct in connection with the Cambridge Analytica scandal violates the terms it agreed to in the Consent Order. In fact, the FTC is reportedly conducting its own investigation into the incident.
  • Facebook repeatedly engages in “privacy for sale” walkbacks. Soltani points to the Cambridge Analytica scandal as a recent example. He notes that the company initially responded to the scandal by “banishing” all data brokers from its platform. But then it quickly – and predictably – did an about-face when big marketers threatened to pull their advertising.
  • While Facebook doesn’t sell user data to third party app developers, it gives them access to data as a reward for creating apps.

What’s the solution? Soltani’s suggests new federal regulations designed to protect online privacy. In his words, “[t]he government must take meaningful action to prevent Facebook and other Internet giants from causing lasting harm to American discourse and democracy.” To have the desired effect, privacy legislation will need to “address many of the key problems facing consumers online: lack of meaningful consent, inadequate data security practices, and a lack of any real transparency from large online companies.”

 

 

Share by: