The “Big Four” accounting firm PricewaterhouseCoopers (PwC) had been assigned the job of auditing Facebook’s privacy practices every two years by the US Federal Trade Commission. This was done to make sure that Facebook didn’t break the 2011 FTC consent decree and deceive customers.
According to a heavily redacted copy of the latest audit published on FTC’s website, there seemed to be nothing wrong with Facebook’s privacy measures when the audit was conducted.
“In our opinion, Facebook’s privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information,” says PwC in the report.
The biennial report covers the time frame between February 12, 2015, to February 11, 2017, which coincides with the time when Cambridge Analytica sourced the data of over 87 million Facebook users, or probably more. It remains unclear whether Facebook kept PwC in the dark about the Cambridge Analytica scandal, just like it did its population of 2 billion until the whistleblower came forward.
In 2011, Facebook settled on a biennial external review process for 20 years after FTC’s charges that the company gave away far more data to third-party developers than it told the users.
If found violating the 2011 FTC consent decree, a fine of $41,484 were to be incurred per user per day on Facebook. Considering the number of Facebook users in the United States, the company could lose billions of dollars.
Not bringing up anything on CA scandal puts a question on the purpose of such audits. Further, the fact that the report is heavily redacted makes it hard for analysts to understand how the conclusion was made.
The advocacy group EPIC’s (Electronic Privacy Information Center) executive director Marc Rotenberg told The Register that FTC repeatedly used the trade secret exemption as a justification for withholding information that Facebook doesn’t want to be disclosed. For a company wanting its users to share all information they can, he thinks its ironic.
On Friday, EPIC filed a lawsuit under the Freedom of Information Act (FOIA) to obtain an unredacted copy of the audit.
Via The Register