Facebook guilty of health data privacy violation, complaints say

A complaint filed with data regulators in the US has described Facebook’s relationship with its user-base as “unfair, deceptive and misleading,” a BBC report reveals.

The social media network has been guilty of neglecting privacy with regards to the health records of in-patients and other groups, the Federal Trade Commission (FTC) heard.

A number of account holders may also have undergone privacy violations of a life-threatening degree, the lodged complaint went on to say. Making its defence to the BBC, Facebook claimed that it was not the anonymous platform that critics make it out to be.

In a tumultuous past year for Facebook’s reputation for sound data handling practices, the privacy of the platform’s groups also came under fire in 2018, when members of a restricted-access group for women with the BRCA gene mutation found that their personal private details could be accessed and downloaded by third parties.

Though Facebook made necessary changes to iron out security issues, the complaint has said that Mark Zuckerberg’s firm should still have informed affected users that their data was being downloaded.

“Facebook did not notify affected users within the required 60 days and we believe that Facebook has not notified the FTC of the breach within the required 10 business days,” the complaint read.

The platform playing “a game of privacy roulette” with patient health groups, as those involved are unable to know whether forging new relationships will lead to their data being downloaded in messages written within closed or private groups, the complaint maintains.

The charges also question the likelihood of criminal elements honing in on such groups and stealing the data of vulnerable people, which might eventually constitute a privacy violation of life-threatening proportions.

“It is possible that some of the Facebook-borne genocides have taken advantage of this flaw,”, the complaint says, in a possible nod to the ethnic cleansing of stateless Rohingya Muslims in Myanmar.

In reaction, Facebook said:

“It’s intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community and can see the posts they choose to share with that community.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.