Audit clears Facebook’s privacy practices despite Analytica leaks
AN audit of Facebook’s privacy practices for the US Federal Trade Commission (FTC) found no problems even though the company knew at the time that a data-mining firm improperly obtained private information from millions of users — raising questions about the usefulness of such audits.
Facebook agreed to outside audits every two years as part of a 2011 settlement with the FTC over its privacy practices. It is not clear from the report whether the company informed PricewaterhouseCoopers, which performed the audit, of the Cambridge Analytica data grab that would put Facebook in the crosshairs of Congress.
The heavily redacted audit by PricewaterhouseCoopers is available on the FTC’s website. It covers February 12, 2015, to February 11, 2017.
PwC declined to comment, but Facebook said on Friday that keeping data secure was a priority.
“We remain strongly committed to protecting people’s information, said Rob Sherman, Facebook’s deputy chief privacy officer, in a statement. “We appreciate the opportunity to answer questions the FTC may have.” The fact that PwC found no issues raised red flags for privacy advocates.
Jeffrey Chester, executive director of the Washingtonbased non-profit digital rights group Center for Digital Democracy, said: “The FTC failed to protect the public. Instead of conducting its own review to enforce one of its most important decisions — the consent decree — it looked the other way, which allowed Facebook to engage in serious misconduct.” Mr Chester said the audit shows that the “FTC cannot be relied on to really protect consumers”.
The 2011 consent decree bound Facebook to a 20-year privacy commitment.