State Attorney Generals demanding answers from Facebook

HARRISBURG – Today, Pennsylvania Attorney General Josh Shapiro led a bipartisan coalition of 37 state Attorneys General in sending a letter demanding answers from Facebook CEO Mark Zuckerberg about the company’s business practices and privacy protections.

“Businesses like Facebook must comply with the law when it comes to how they use their customers’ personal data,” Attorney General Josh Shapiro said. “State Attorneys General have an important role to play in holding them accountable and I’m proud to partner with so many of my colleagues from both sides of the aisle in this effort.”

As the Attorneys General write in their letter to CEO Zuckerberg, news reports indicate the data of at least 50 million Facebook profiles may have been misused by third-party software developers. Facebook’s policies allowed developers to access the personal data of “friends” of people who used certain applications – without the knowledge or consent of these users.

“Pennsylvania residents using Facebook – and users across the country — deserve to know where their data is going, and what it is being used for,” added Attorney General Shapiro. “Facebook needs to answer our questions so we can know if the company is upholding its end of the bargain with its customers.”

The letter to Zuckerberg, initiated by Attorney General Shapiro and joined by a bipartisan coalition of Attorneys General, raises a series of questions about the social networking site’s policies and practices, including:

  • Were those terms of service clear and understandable?
  • How did Facebook monitor what these developers did with all the data that they collected?
  • What type of controls did Facebook have over the data given to developers?
  • Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user’s data?
  • How many users in the states of the signatory Attorneys General were impacted?
  • When did Facebook learn of this breach of privacy protections?
  • During this timeframe, what other third party “research” applications were also able to access the data of unsuspecting Facebook users?

The Attorneys General write in the letter: “Facebook apparently contends that this incident of harvesting tens of millions of profiles was not the result of a technical data breach; however, the reports allege that Facebook gave away the personal data of users who never authorized these developers to obtain it, and relied on terms of service and settings that were confusing and perhaps misleading to its users.”

Joining Attorney General Shapiro in leading the letter were Attorneys General Tim Fox (R-MT), Ellen Rosenblum (D-OR), Marty Jackley (R-SD) and George Jepsen (D-CT).

“Consumers everywhere deserve answers in light of recent revelations regarding the unauthorized harvesting of data from tens of millions of Facebook profiles,” said Montana Attorney General Tim Fox. “I’m pleased to be one of five lead Attorneys General in a multi-state, bipartisan inquiry demanding answers from Facebook and ensuring its users can control the privacy of their accounts.”

“As a bipartisan group of Attorneys General, we care deeply about the privacy of our constituents personal information,” said Oregon Attorney General Ellen Rosenblum. “Just because they use Facebook and signup for apps does not mean consumers have signed a lifetime agreement to give up their privacy. We have asked Facebook several important questions and we expect clear answers from them. We must be assured that a breach  or “leak” of this nature will not happen again.”

“Facebook provides its users significant opportunity to share events and personal information,” said South Dakota Attorney General Marty Jackley. “As Attorney General, I am working to protect consumers from the loss of personal information through data-harvesting and breaches. Facebook is being cooperative with our office in determining the best course of action to deal with the data loss that might have occurred for South Dakota residents.”

“The situation involving Facebook and Cambridge Analytica raises significant concerns about Facebook’s policies and practices relating to user privacy, as well as the truthfulness and clarity of representations made to users concerning the uses of their data,” said Connecticut Attorney General George Jepsen. “We take this very seriously and are collectively engaging Facebook to get to the bottom of what happened and to ensure that these privacy concerns are addressed.”

To view a copy of today’s letter and the full list of signatories, please click here.

SOURCE: PA Attorney General’s Press Office