The US Federal Trade Commission has confirmed that Facebook is under investigation into its privacy practices, amidst allegations that its connection with British company Cambridge Analytica resulted in misuse of personal data of some 50 million users.
The FTC, in a statement yesterday, confirmed that it has an "open non-public investigation" into Facebook's privacy practices.
"FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook, said Tom Pahl," FTC's Acting Director in the Bureau of Consumer Protection said.
Pahl said the FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers.
"Foremost among these tools is enforcement action against companies that fail to honour their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act," the statement said.
"Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements," it said.
In a related development, attorney generals of as many as 37 states yesterday sent a letter to Facebook CEO Mark Zuckerberg calling for answers to reports that millions of Facebook users personal data were provided to third parties without their knowledge or informed consent.
In the letter, the attorney generals demand to know about Facebook's role in the manipulation of users data by Cambridge Analytica "without those users' knowledge" as well as Facebook's policies and procedures for protecting users private data.
The letter requests that Facebook produce information regarding their business practices and safeguards to protect users' privacy.
Signatories to the letter, among others, includes New Jersey Attorney General Gurbir S Grewal.
Early reports indicate that user data of at least 50 million Facebook profiles may have been misused and misappropriated by third-party software developers, the letter said.
"According to these reports, Facebook's previous policies allowed developers to access the personal data of "friends" of people who used applications on the platform, without the knowledge or express consent of those "friends"," the attorney generals said.
It has also been reported that while providing other developers access to personal Facebook user data, Facebook took as much as 30 per cent of payments made through the developers' applications by Facebook users, they said.
"Facebook apparently contends that this incident of harvesting tens of millions of profiles was not the result of a technical data breach however, the reports allege that Facebook allowed third parties to obtain personal data of users who never authorised it, and relied on terms of service and settings that were confusing and perhaps misleading to its users," the letter said.
These revelations raise many serious questions concerning Facebook's policies and practices, and the processes in place to ensure they are followed, they said.
According to the attorney general, even with the changes Facebook has made in recent years, many users still don't know that their profile and personal data is available to third-party vendors.
"Facebook has made promises about users privacy in the past, and we need to know that users can trust Facebook. With the information we have now, our trust has been broken," the letter said.