Your Contracts Solution
Contracts Management & Consulting Services
Screen Shot 2018-04-12 at 9.56.03 AM.png

privacy rights blog

Staying Up to Date

 

Oops, Facebook Mistakes Revealed

Recall that Mark Z, during his U.S. Congressional testimony, said that the typical Facebook user does not read the terms of use.  Ironically, yesterday while being questioned by Parliament in the UK, Facebook's CTO admitted that Facebook did not read the terms and services of the app that improperly shared user data with Cambridge Analytica.  The Information Commissioners Office (UK's watchdog for data privacy) has been investigating data misuse and political advertising given the concerns that data was used to influence Brexit votes and other political outcomes.

Facebook has been haunted by criticisms of how it handles users' data in the wake of the Cambridge Analytica scandal that saw millions of people's data shared without their permission to Cambridge Analytica.  In an effort to understand how data collecting companies can mitigate risk and prevent the same mistakes, here are the mistakes that Facebook made:

  • Mistake #1:  Facebook did not read the terms of use of an app that was extracting data from Facebook.
  • Mistake #2:  Facebook did not notify users of the data leak earlier.
  • Mistake #3:  Facebook also did not contact the Information Commissioners Office about misuse of data. 

We recommend the following actions be taken by companies wishing to mitigate risks or exposure to violations, fines and possible criminal penalties.  I am guessing that #5 is where Facebook encountered the biggest deficiencies. Proper protocols and workable procedures could have been prevented these mistakes.  

  1. Review of all terms and conditions for compliance with European Union Data Protection Regulations (GDPR), U.S. Data Protection Regulations (Federal and State).
  2. Review of contracted sales for dissemination of public user data without proper or informed consent.
  3. Review and assessment of confidential Information and private Information.
  4. Prepare a matrix of crossover breach of contractual and regulatory compliance requirements.
  5. Review of policies, procedures and protocols to determine gaps in addressing compliance issues.
  6. Prepare a strategic and tactical plans of action addressing above.
  7. Regular auditing.

For an overview of the Cambridge Analytica data breach see blog posting entitled "What's Going on With Facebook?"