Speaking at the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit in Washington DC this week, Facebook came in for heavy criticism for its conduct following the Cambridge Analytica scandal, news of which broke in March 2018.
Last month, Canada’s Privacy Commissioner, Daniel Therrien, attacked the social network for disputing his office’s judgement that Facebook had violated privacy law in Canada when it allowed Cambridge Analytica to harvest the data of tens of millions of Facebook users without proper consents in place.
Without having the ability to issue Facebook with a financial penalty, the Commission advised on improvements the company could make to shore up security in future – measures that Mark Zuckerberg’s firm has taken no notice of, the Commission argues.
Returning to his robust stance this week, Therriren told the IAPP Summit that Facebook’s refusal to acknowledge the gravity of its law-breaking transgressions, was “extremely disconcerting.”
“To say that Facebook’s response to our findings and recommendations was disappointing would be an understatement,” Therrien said, before highlighting examples dating back to 2009 of the social network’s lack of cooperation on key data protection issues.
“We think, 10 years later, that if Facebook had implemented [recommendations made in 2009] … meaningfully and not superficially, [Cambridge Analytica’s] unauthorised access and use of personal information by third-party applications could have been avoided or certainly significantly mitigated,” Therrien said.
“There’s a clear disconnect between what Facebook says it’s going to do in terms of privacy protection and what it actually does,” he added, before noting that Canada’s lack of power to fine companies highlighted how much the country’s laws need to be modernised.
“Sorry to say that while Canada was once a global leader in this area, it is now lagging behind,” Therrien continued.
Elsewhere, the US Federal Trade Commission is issuing a fine against Facebook which could reach billions of dollars. In the UK, the Information Commissioner’s Office has leveraged a £500,000 fine against the company under the Data Protection Act 1998, a fine against which Facebook is appealing.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/