Tag: Facebook

Facebook releases new Privacy Tool for global use

31. January 2020

On Data Privacy Day, Facebook launched its new privacy tool, which gives its users control over how they are tracked across the net.

In a blog post, Facebook CEO Mark Zuckerberg introduced its “Off-Facebook Activity” tool, which had been promised since May 2008, to social network’s worldwide audience. It originally had slow roll-outs throughout different countries since August 2019, but is now officially available globally.

Facebook is known for its vast reaching tracking of internet activity, ranging from doorbell apps over sellers’ websites to health apps. It had been criticized by law-makers for its tracking practices, especially considering the social network keeps tracking your data when you deactivate your account.

Now, wanting the start into the new decade to be more privacy oriented, Mark Zuckerberg is prompting Facebook users to review their privacy settings. On top of deleting your tracking history, it is now possible to turn off future tracking altogether. Though it is important to keep in mind that Facebook does not stop advertisers and businesses from targeting ads based on other factors.

Overall, the tool is supposed to complement Facebook’s Privacy Checkup feature, to allow for users to regulate their privacy more thoroughly, and more importantly, on their own terms.

Facebook collects location data despite deactivation

19. December 2019

Facebook has admitted at the request of several US senators that they continuously collect location data, even if the user previously deactivated this feature.

In case of deactivating this feature, location data is collected, for example, by IP address mapping or user activity. This includes, for example, a self-conducted location-tag in a certain restaurant or at a special location, but also the case of being linked by friends to a photo that contains a location-tag.

In the letter that Senator Josh Hawley published on Twitter, Facebook states that they have only the best intentions in collecting the data. According to the statement, this is the only way, for example, to place personalized ads or inform a user when someone logs in to a completely different location than usual with their account.

While Facebook states that the location data – based on e.g. the IP address –  does not indicate an exact Location but only the postcode, for example, it means that there is no way for users to opt-out of the collection of location data.

Category: General
Tags: ,

Advocate General’s opinion on “Schrems II” is delayed

11. December 2019

The Court of Justice of the European Union (CJEU) Advocate General’s opinion in the case C-311/18 (‘Facebook Ireland and Schrems’) will be released on December 19, 2019. Originally, the CJEU announced that the opinion of the Advocate General in this case, Henrik Saugmandsgaard Øe, would be released on December 12, 2019. The CJEU did not provide a reason for this delay.

The prominent case deals with the complaint to the Irish Data Protection Commission (DPC) by privacy activist and lawyer Maximilian Schrems and the transfer of his personal data from Facebook Ireland Ltd. to Facebook Inc. in the U.S. under the European Commission’s controller-to-processor Standard Contractual Clauses (SCCs).

Perhaps, the most consequential question that the High Court of Ireland set before the CJEU is whether the transfers of personal data from the EU to the U.S. under the SCCs violate the rights of the individuals under Articles 7 and/or 8 of the Charter of Fundamental Rights of the European Union (Question No. 4). The decision of the CJEU in “Schrems II” will also have ramifications on the parallel case T-738/16 (‘La Quadrature du net and others’). The latter case poses the question whether the EU-U.S. Privacy Shield for data transfers from the EU to the U.S. protects the rights of EU individuals sufficiently. If it does not, the European Commission would face a “Safe Harbor”-déjà vu after approving of the new Privacy Shield in its adequacy decision from 2016.

The CJEU is not bound to the opinion of the Advocate General (AG), but in some cases, the AG’s opinion may be a weighty indicator of the CJEU’s final ruling. The final decision by the Court is expected in early 2020.

Phone numbers of 420 million Facebook users in online database

5. September 2019

A database with more than 400 million phone numbers of Facebook users was publicly accessible online. Most of the records belong to American Facebook users (133 million), 50 million to users from Vietnam and 18 million to users from the UK. In each case the phone number was connected with the user’s Facebook ID, a long, unique and public number associated with the account.

As a result of the publicly accessible data the concerned users are put at risk for spam calls and SIM-swapping attacks. Furthermore, the passwords of the accounts can be changed so that the user cannot access his own Facebook profile.

IT-expert Sanyam Jain found the database and contacted TechCrunch after being unable to find the owner. TechCrunch verified the authenticity of the found data and then tried to determine the owner – without success. So they contacted the web host who turned the site down.

The database is not accessible at the moment, but it is still unknown how the data was collected and who uploaded the information. It is possible, that the ability to find friends by phone number on Facebook was misused to create the database. This feature was disabled by Facebook in April 2018. In connection to this new infringement, Facebook just announced that there is no evidence for a hacking attack.

Update: on Friday September 6th 2019 a copy of the database appeared on the internet, so that the data is currently publicly accessible again.

Privacy incidents cost Facebook 5 billion dollar

15. July 2019

According to a report of the Washington Post the Federal Trade Commission (FTC) has approved a $ 5 billion (approx. € 4,4 billion) settlement with Facebook. The settlement was reached between the FTC and Facebook due to various Data Protection incidents, in particular the Cambridge Analytica scandal.

The settlement relies on a three to two vote – the FTC’s three republicans supported the fine the two democrats were against it- and terminates the procedure for investigating Facebook’s privacy violations against users’ personal information. The fine of $ 5 billion is the highest fine ever assessed against a tech company, but even if it sounds like a very high fine, it only corresponds to the amount of the monthly turnover and is therefore not very high in relative terms. So far, the highest fine was $ 22,5 million for Google in 2012.

The decision of the FTC needs to be approved by the Justice Department. As a rule, however, this is a formality.

This is not the first fine Facebook has to accept in connection with various data protection incidents and certainly not the last. Investigations against Facebook are still ongoing in Spain as well as in Germany. In addition, Facebook has been criticized for quite some time for privacy incidents.

Italian DPA fines Facebook

2. July 2019

The Italian Data Protection Authority Garante (Garante per la protezione dei dati personali) fined Facebook due to the Cambridge Analytica Scandal of 2015, which was discovered in 2018. The Cambridge Analytica Scandal is connected to the presidential campaign of the current president of the USA Donald Trump.

The Garante has imposed a fine of EUR 1.000.000 for abusing the use of data of more than 200.000 Italian Facebook users and their Facebook friends. According to the Garante, the abused data has not been transferred to Cambridge Analytica, which was also confirmed by a Facebook spokesman.  Nevertheless, the high fine was imposed.

The fine is still based on the old Italian Data Protection law because at the time of the abusive use the GDPR, which now applies throughout Europe, was not yet in force.

Facebook has to answer to the scandal not only in Italy. Legal consequences are also looming in the USA.

 

Consumers should know how much their data is worth

27. June 2019

US Senators Mark R. Warner (Democrats) and Josh Hawley (Republicans) want to know from Facebook, Google and Co. exactly how much the data of their users, measured in dollars and cents, is worth to them.

Last Sunday, the two senators announced their intention for the first time in a US talk show: Every three months, each user is to receive an overview of which data has been collected and stored and how the respective provider rates it. In addition, the aggregated value of all user data is to be reported annually to the US Securities and Exchange Commission. In this report, the companies are to disclose how they store, process and protect data and how and with which partner companies they generate sales with the data. All companies with more than 100 million users per month will be affected.

The value of user data has risen enormously in recent years; so far, companies have protected their internal calculations as company secrets. In addition, there is no recognized method for quantifying the value of user data; only when a company is sold or valued by means of an initial public offering (IPO) does it become obvious. In the case of the WhatsApp takeover it was  $ 55 per user, in the case of Skype it was $ 200.

But one can doubt the significance of these figures. A further indication can be the advertising revenues, which are disclosed by companies per quarter. At the end of 2018, Facebook earned around $6 per user worldwide, while Amazon earned $752 per user. These figures are likely to rise in the future.  “For years, social media companies have told consumers that their products are free to the user. But that’s not true – you are paying with your data instead of your wallet,” said Senator Warner. “But the overall lack of transparency and disclosure in this market have made it impossible for users to know what they’re giving up, who else their data is being shared with, or what it’s worth to the platform. […]” Experts believe it is important for consumers to know the value of their data, because only when you know the value of a good you are able to value it.

On Monday, Warner and Rawley plan to introduce the  Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act to the parliament for its first reading. It remains to be seen whether their plans will meet with the approval of the other senators.

Google Introduces Automatic Deletion for Web Tracking History

7. May 2019

Google has announced on its blog that it will introduce an auto delete feature for web tracking history.

So far, users have the option to manually delete data from Google products such as YouTube or Maps. After numerous requests, however, Google follows other technology giants and revised its privacy settings. “We work to keep your data private and secure, and we’ve heard your feedback that we need to provide simple ways for you to manage or delete it,” Google writes on it’s blog.

Users will be able to choose a period for which the data should remain stored, lasting a minimum of 3 months and a maximum of 18 months. At the end of the selected period, Google will automatically delete the data on a regular basis. This option will initially be introduced for Location History and Web & App Activity data and will be available over the next few weeks, according to Google.

Google’s announcement came the day after Microsoft unveiled a set of features designed to strengthen privacy controls for its Microsoft 365 users, aimed to simplify its privacy policies.

On the same day, during Facebook’s annual developer conference, F8, Mark Zuckerberg announced a privacy roadmap for the social network.

Latest Facebook Data Breach

25. April 2019

Since May 2016 Facebook uploaded email-contacts without respectively against the will of 1,5 million users.

Facebook itself discovered the mistake in March 2019 and according to it’s own statement has now corrected it. The data was uploaded unintentionally and not shared with third parties. The data will be deleted and Facebook will contact the concerned users.

Facebook was able to read the email-contacts of 1,5 million users, but the concerned amount of data subjects is a lot higher due to that many  users have thousands of contacts. Facebook denied that e-mails have been accessed by its employees. It expects a fine of three to five billion dollar in the USA.

Category: Cyber security · Data breach
Tags:

The German Bundeskartellamt prohibits Facebook to combine their user data from different sources

7. February 2019

The Bundeskartellamt announced in a press release on their website on Febraury 7, 2019 that it imposes far-reaching restrictions on Facebook.

Up to now Facebook’s terms and conditions stated that users have only been able to use the social network under the precondition that Facebook can collect user data also outside of the Facebook website in the internet or on smartphone apps and assign these data to the user’s Facebook account. Therefore, all data collected on the Facebook website, by Facebook-owned services which includes Instagram and WhatsApp as well as on third party websites can be combined and assigned to the account of a Facebook user.

The authority’s decision affects said processing of user data in Germany and covers different sources of data.
Firstly, all social networks/services can continue to collect data under the existing laws. But the collected data can only be transferred to Facebook itself if consent is given by the data subject (the user). If such a consent is not given, the data cannot be assigned to an existing Facebook account. Secondly, the same applies to collecting data from third party websites.
Consequently, without the above mentioned consent Facebook will face far-reaching restrictions concerning collecting and combining data.

The Bundeskartellamt states as reason for this decision that in December 2018 Facebook had 1.52 billion daily active users and 2.32 billion monthly active users and therefore also occupies a dominant position in the German market for social networks. It further claims that the market share of Facebook concerning social networks in Germany is more than 95 % (daily active users) and more than 80 % (monthly active users). Therefore, the conclusion is drawn that the group with its subsidiaries WhatsApp and Instagram occupy a key position in the market which indicates a monopolisation process. Competitors like Google+, Snapchat, YouTube or Twitter or professional networks like LinkedIn or Xing provide only components of the services offered by the Facebook Group.

The authority’s decision is not yet final. Facebook has one month to appeal the decision to the Düsseldorf Higher Regional Court. The company has already announced that it will appeal against the decision.

Category: EU · General · German Law · Instagram · Personal Data
Tags:
Pages: 1 2 3 4 Next
1 2 3 4