Meta: Difference between revisions - Consumer Rights Wiki

Line 28:

== Lawsuits ==

=== ~~European Union~~ ===

=== United States of America v. Facebook ===

In July 2019, Facebook agreed to pay $5 billion USD and implement corrective measures after it was sued by the Department of Justice and Federal Trade Commission (FTC) for "misleading users about the extent to to which third-party application developers could access users' personal information."<ref>https://www.justice.gov/opa/pr/facebook-agrees-pay-5-billion-and-implement-robust-new-protections-user-information</ref>

==== Facebook's Default Privacy Settings Controversy (2010-2018) ====

Facebook's default settings allowed third-party app developers to access not only the data of users who installed their apps, but also the data of those users' friends. While users could opt out of this data sharing, the setting was located separately from the main privacy settings page, making it difficult to find and adjust.<ref name=":0">https://www.justice.gov/opa/press-release/file/1186506/dl</ref>

After settling with the FTC in 2012 over deceptive privacy practices, Facebook initially added a privacy disclaimer about friend data sharing but removed it four months later. This occurred while continuing the same data-sharing practices that prompted the original FTC investigation, violating the order's prohibition against misrepresenting users' privacy control.<ref name=":0" />

While Facebook publicly announced in 2014 that it would stop allowing third-party developers to collect data about users' friends, it privately maintained agreements with dozens of "whitelisted developers" who continued to have this access until June 2018.<ref name=":0" />

==== Deceptive Two-Factor Authentication (2015-2018) ====

Facebook requested users' phone numbers for security purposes, including two-factor authentication, without effectively disclosing that this information would also be used for advertising purposes.<ref name=":0" />

==== Misleading Facial Recognition Implementation ====

In 2018, Facebook's updated data policy implied that facial recognition technology was opt-in, while tens of millions of users with older versions of the technology actually had to opt out to disable it.<ref name=":0" />

=== GDPR Violations ===

In July 2020, the Irish Data Protection Authority submitted an inquiry into Meta's Facebook service for transferring its users personal data to the U.S.<ref>[https://www.edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en "1.2 billion euro fine for Facebook as a result of EDPB binding decision"] - edpb.europa.eu - 22 May 2023 </ref> which failed to comply with a 2020 decision<ref>[https://www.nytimes.com/2020/07/16/business/eu-data-transfer-pact-rejected.html "E.U. Court Strikes Down Trans-Atlantic Data Transfer Pact"] - nytimes.com - 16 July 2020</ref> that the company's data was not secure enough. In May 2023, the European Data Protection Board (EDPB) enforced the $1.2 billion euro fine on Meta and an order to cease the "unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR."

@@ Line 28: / Line 28: @@
 == Lawsuits ==
-=== European Union ===
+=== United States of America v. Facebook ===
+In July 2019, Facebook agreed to pay $5 billion USD and implement corrective measures after it was sued by the Department of Justice and Federal Trade Commission (FTC) for "misleading users about the extent to to which third-party application developers could access users' personal information."<ref>https://www.justice.gov/opa/pr/facebook-agrees-pay-5-billion-and-implement-robust-new-protections-user-information</ref>
+==== Facebook's Default Privacy Settings Controversy (2010-2018) ====
+Facebook's default settings allowed third-party app developers to access not only the data of users who installed their apps, but also the data of those users' friends. While users could opt out of this data sharing, the setting was located separately from the main privacy settings page, making it difficult to find and adjust.<ref name=":0">https://www.justice.gov/opa/press-release/file/1186506/dl</ref>
+After settling with the FTC in 2012 over deceptive privacy practices, Facebook initially added a privacy disclaimer about friend data sharing but removed it four months later. This occurred while continuing the same data-sharing practices that prompted the original FTC investigation, violating the order's prohibition against misrepresenting users' privacy control.<ref name=":0" />
+While Facebook publicly announced in 2014 that it would stop allowing third-party developers to collect data about users' friends, it privately maintained agreements with dozens of "whitelisted developers" who continued to have this access until June 2018.<ref name=":0" />
+==== Deceptive Two-Factor Authentication (2015-2018) ====
+Facebook requested users' phone numbers for security purposes, including two-factor authentication, without effectively disclosing that this information would also be used for advertising purposes.<ref name=":0" />
+==== Misleading Facial Recognition Implementation ====
+In 2018, Facebook's updated data policy implied that facial recognition technology was opt-in, while tens of millions of users with older versions of the technology actually had to opt out to disable it.<ref name=":0" />
+=== GDPR Violations ===
 In July 2020, the Irish Data Protection Authority submitted an inquiry into Meta's Facebook service for transferring its users personal data to the U.S.<ref>[https://www.edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en "1.2 billion euro fine for Facebook as a result of EDPB binding decision"] - edpb.europa.eu - 22 May 2023 </ref> which failed to comply with a 2020 decision<ref>[https://www.nytimes.com/2020/07/16/business/eu-data-transfer-pact-rejected.html "E.U. Court Strikes Down Trans-Atlantic Data Transfer Pact"] - nytimes.com - 16 July 2020</ref> that the company's data was not secure enough. In May 2023, the European Data Protection Board (EDPB) enforced the $1.2 billion euro fine on Meta and an order to cease the "unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR."