Facebook User Private Photos Exposed

Facebook disclosed earlier this month that it had to correct an unintended coding error that led to the access of private photos of some of its users. Although the bug did not affect all user accounts, Facebook estimates that almost seven million consumers accounts were compromised because an unintended loophole allowed some third-party applications to access Facebook user private photos, namely, photos specifically designated as “private” in user accounts.

Facebook Privacy Breaches Continue Despite Claimed Security Improvements

The embattled social network technology giant has already had a difficult year with protecting the privacy of its users despite pledging that it had made improvements to its platform. Earlier this year in March, a third-party firm, Cambridge Analytica, was able to data-mine the usage data of Facebook users without express consent or knowledge. Later, in September, hackers breached Facebook’s security protocols and were able to gain full access to the entire directory of Facebook users, which numbers in the tens of millions.

Due to this latest incident, approximately 1,500 third-party applications were able to access seven million user accounts during a twelve-day period before Facebook discovered the flaw.  That is a lot of time for unauthorized access to Facebook user private photos without consent or even knowledge. This glitch can become an extremely costly lesson to Facebook, in many ways.

Facebook and FTC Compliance

Facebook has been under federal scrutiny since 2011, when it explicitly signed a consent decree passed down by the Federal Trade Commission (“FTC”). In the decree, the FTC prohibited Facebook from misrepresenting its security and consumer information privacy protocols. Since 2011, Facebook has also been required to obtain its users’ explicit consent regarding certain information usage. The FTC charged Facebook when instituting a more rigid and comprehensive security regiment to protect its users.

Because Facebook is still being investigated over the March Cambridge Analytica incident, experts have speculated that the latest breach could constitute a breach of the FTC agreement on Facebook’s end. The FTC itself has declined to comment, but many privacy experts hope that this motivates the government to pass stricter regulations in 2019.

Facebook Could See Hefty Fines Extend from Europe’s GDPR

Facebook’s latest misstep could also reach trouble abroad in the form of significant fines from the European Union (“EU”) under the General Data Protection Regulation (“GDPR”). Although Facebook was able to notify its users about the oversight within about twelve days, the GDPR requires that companies inform users “without undue delay.” As such, because Facebook failed to notify users of the breach within 72 hours, under the GDPR, Facebook could be punished by the EU.

The Irish Data Protection Commission, which is the investigation arm of the EU, commented that it has already initiated its inquiry, and if found guilty, Facebook could face fines of up to four percent of its global revenue. That means Facebook could face up to $1.6 billion dollars in fines, under the GDPR alone.

For more information on this topic, visit our Data Privacy service page, which is part of our Technology & Data Practice.

About the Firm:

Klemchuk LLP is a litigation, intellectual property (IP), and business law firm, located in Dallas, TX.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the Technology & Data law firm and its Technology & Data attorneys may be found at www.klemchuk.com.

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.