There’s some new info about Facebook badness this week, which comes courtesy of Senator Ron Wyden. The short version is this: back in 2013 or so, when Mark Zuckerberg was reorienting the entire company around smartphones, Facebook struck deals with a bunch of phone manufacturers to give them special access to Facebook’s user data.
According to the documents Wyden provided to the New York Times, those data-sharing agreements were not heavily policed by Facebook, even though they fell under a 2011 consent decree with the FTC that monitored Facebook’s privacy practices. In 2013, while probing agreements with Microsoft and BlackBerry, the firm PricewaterhouseCoopers “found only ‘limited evidence’ that Facebook had monitored or checked its partners’ compliance with its data use policies.” This is the same lax oversight that led to the Cambridge Analytica scandal, in which Facebook granted third parties access to user data without verifying whether those parties were acting in compliance with Facebook rules.
“Facebook’s own, handpicked auditors said the company wasn’t monitoring what smartphone manufacturers did with Americans’ personal information, or making sure these manufacturers were following Facebook’s own policies,” Senator Wyden, a Democrat, told the Times.
FTC consent decrees often let companies monitor themselves, meaning that Facebook could determine how to assess its own privacy practices. Rather than addressing the issues, Facebook changed the criteria for its next two audits, and “the company was graded on a seemingly less stringent policy with data partners.” Instead of changing its answers, Facebook changed the test itself.
In a letter to Wyden sent last month, Facebook emphasized that PricewaterhouseCoopers still concluded that Facebook had provided “reasonable assurance” that it was protecting user privacy.