The Data Protection Practitioner’s Conference in April 2019 featured a guest speaker, Mark Rotenberg. Mark is a US privacy and rights lawyer. He has given evidence to congress on 60 occasions, and is involved in an organisation which lobbies and campaigns in the US for privacy and democracy.
A lot of Mark’s speech was about the privacy battles with Facebook. Initially Facebook users were set against Facebook’s business partners who wanted free rein to mine personal data on Facebook for their own marketing purposes. By 2011 the Federal Trade Commission were involved and obtained an order covering the following and more:
- To bar Facebook from making misrepresentations about data use
- To require Facebook to obtain express consent to the use of personal data
- To require Facebook to protect data from third parties
- To require Facebook to establish and maintain a comprehensive privacy programme designed to control and manage risks associated with changes to terms of service
- To commit Facebook to an audit programme.
The FTC proved reluctant to enforce the order initially but now in 2019 we see the massive fine against Facebook. It has been a long time coming and required the dedication of privacy rights groups in the US to get it over the line. However any attempt to show this as retribution for a security breach, some of the articles I have read recently do that, is wrong. It is a punishment for deliberate, repeated, breaches of privacy standards.
Mark Rotenberg actually said that what the campaigners want is not necessarily a fine. The view of the US lobby group is that a fine would put pressure on Facebook to recover its losses by more marketing activity. What they want is control, to reform how Facebook operates. They also want the acquisition of Instagram and Whatsapp to be reviewed and, if possible, unravelled, fearing that Facebook’s systemic privacy breaches will infect those services.
The Facebook scandal is unlikely to end here. There is commitment from both sides to a long, protracted battle of wills.
Mandy P Webster, Data Protection Consultant