March 22, 2018

After Reports of Open Federal Trade Commission (FTC) Investigation, Harris and Klobuchar Encourage FTC to Thoroughly Investigate Facebook for All Potential Breaches of Americans’ Personal Data

In 2011, a consent decree was negotiated to settle Federal Trade Commission (FTC) complaints that Facebook was deceiving consumers by sharing or publicizing private user information; Recent reports detailing Cambridge Analytica’s misuse of that data raise questions about whether Facebook is in compliance with the terms of that consent decree

WASHINGTON, D.C. - Following reports that the Federal Trade Commission (FTC) opened an investigation this week, U.S. Senators Kamala D. Harris (D-CA) and Amy Klobuchar (D-MN) wrote to the FTC to encourage the Commission to conduct a thorough investigation—which should include examining any and all potential violations of users’ privacy—to assess whether Facebook violated a 2011 consent decree or any other applicable laws following recent reports that Cambridge Analytica misused the data of 50 million Facebook users. In 2011, a consent decree was negotiated to settle FTC complaints that Facebook was deceiving consumers by sharing or publicizing private user information after assuring users that the information would be kept private. Recent reports indicate that Cambridge Analytica accessed the personal Facebook user data of 50 million Americans without their permission, raising questions about whether Facebook is in compliance with the terms of that consent decree. The senators respectfully request a response to a number of questions to ensure the thoroughness of the important investigation.

“Facebook plays an important role in our society. Roughly two-thirds of American adults now report that they are Facebook users, and roughly three-quarters of those users access Facebook on a daily basis. Facebook has a legal responsibility to ensure user data is secure and that its policies are transparent—which includes upholding the privacy rights of its users and keeping its promises when it comes to notifying them if there has been a violation,” the Senators wrote.

The full text of the letter can be found below:

Dear Acting Chairman Ohlhausen:

We write in response to recent reports that the Federal Trade Commission (FTC) will investigate Facebook for the breach involving the personal data of 50 million Americans and to express our view that such an action would be a positive step toward determining whether the media company violated a 2011 FTC consent decree. We urge the FTC to conduct a thorough investigation—which should include examining any and all potential violations of users’ privacy—to assess whether Facebook violated the decree or any other applicable laws.

As you know, the 2011 consent decree was negotiated to settle FTC complaints that Facebook was deceiving consumers by sharing or publicizing private user information after assuring users that the information would be kept private. In particular, the consent decree required that Facebook obtain users’ “affirmative express consent” before sharing a user’s nonpublic information with any third party. It also mandated that Facebook establish a comprehensive privacy program to address privacy risks associated with the development and management of new and existing products and services.

Recent reports concerning Cambridge Analytica’s access to the Facebook user data of millions of Americans raise serious questions about whether Facebook is in compliance with the terms of the consent decree. Two former FTC Bureau of Consumer Protection officials have suggested that Facebook may have violated the terms of that decree. One commented that each violation of the consent decree could carry a $40,000 fine, which could result in an aggregate fine amounting to billions of dollars.

Facebook plays an important role in our society. Roughly two-thirds of American adults now report that they are Facebook users, and roughly three-quarters of those users access Facebook on a daily basis. Facebook has a legal responsibility to ensure user data is secure and that its policies are transparent—which includes upholding the privacy rights of its users and keeping its promises when it comes to notifying them if there has been a violation.

Accordingly, we respectfully request responses to the following questions by April 13, 2018:

  • Will the FTC’s investigation include an inquiry into whether Facebook’s release of user data to Cambridge Analytica constitutes a violation of Facebook’s obligations under its 2011 consent decree or under any other law?
  • Will the FTC’s investigation address any other unconsented releases of Facebook user data that may have occurred since the execution of the 2011 consent decree and whether any such releases violate the terms of the consent decree or any other law?
  • Will the FTC’s investigation look into whether the comprehensive privacy program that Facebook was required to establish under the 2011 consent decree was and remains adequate (1) to address privacy risks associated with the development and management of new and existing products and services, and (2) to protect the privacy and confidentiality of consumers' information? 
  • Will the FTC commit to giving a confidential briefing on the progress of the FTC’s investigation to our staff, as well as the staff of the Chairman, Ranking Member, and other members of the Senate Judiciary Committee, at an appropriate point in the investigation?
  • Will the FTC commit to issuing a public statement concerning the outcome of the investigation upon its conclusion, so that the public can be made aware of the circumstances surrounding this significant breach?

Thank you for your consideration of this matter,

Sincerely,

###