Another Privacy Breach: Millions of Facebook User Private Photos Compromised

Facebook User Private Photos Exposed

Facebook disclosed earlier this month that it had to correct a coding error that exposed the private photos of some of its users. Although the bug did not affect all user accounts, Facebook estimates that almost seven million consumer accounts were compromised because an unintended loophole allowed some third-party applications to access Facebook users’ private photos, namely, photos specifically designated as “private” in user accounts.

Facebook Privacy Breaches Continue Despite Claimed Security Improvements

The embattled social networking giant has already had a difficult year protecting the privacy of its users, despite pledging that it had made improvements to its platform. Earlier this year, in March, a third-party firm, Cambridge Analytica, was able to data-mine the usage data of Facebook users without their express consent or knowledge. Later, in September, hackers breached Facebook’s security protocols and were able to gain full access to the entire directory of Facebook users, which numbers in the tens of millions.

In this latest incident, approximately 1,500 third-party applications were able to access seven million user accounts during a twelve-day period before Facebook discovered the flaw. That is a lot of time for unauthorized access to Facebook users’ private photos without their consent or even knowledge. This glitch could become an extremely costly lesson for Facebook in many ways.

Facebook and FTC Compliance

Facebook has been under federal scrutiny since 2011, when it signed a consent decree handed down by the Federal Trade Commission (“FTC”). In the decree, the FTC prohibited Facebook from misrepresenting its security and consumer information privacy protocols. Since 2011, Facebook has also been required to obtain its users’ explicit consent regarding certain information usage. The FTC also charged Facebook with instituting a more rigid and comprehensive security regimen to protect its users.

Because Facebook is still being investigated over the March Cambridge Analytica incident, experts have speculated that the latest breach could constitute a breach of the FTC agreement on Facebook’s end. The FTC itself has declined to comment, but many privacy experts hope that this motivates the government to pass stricter regulations in 2019.

Facebook Could See Hefty Fines Under Europe’s GDPR

Facebook’s latest misstep could also bring trouble abroad in the form of significant fines from the European Union (“EU”) under the General Data Protection Regulation (“GDPR”). Although Facebook was able to notify its users about the oversight within about twelve days, the GDPR requires that companies inform users “without undue delay.” Because Facebook failed to notify users of the breach within 72 hours, it could be punished by the EU under the GDPR.

The Irish Data Protection Commission, which is the investigation arm of the EU, commented that it has already initiated its inquiry. If found guilty, Facebook could face fines of up to four percent of its global revenue. That means Facebook could face up to $1.6 billion in fines under the GDPR alone.




About the Firm:

Klemchuk LLP is a litigation, intellectual property, transactional, and international business law firm dedicated to protecting innovation. The firm provides tailored legal solutions to industries including software, technology, retail, real estate, consumer goods, ecommerce, telecommunications, restaurant, energy, media, and professional services. The firm focuses on serving mid-market companies seeking long-term, value-added relationships with a law firm. Learn more about experiencing law practiced differently and our local counsel practice.

The firm publishes Intellectual Property Trends (latest developments in IP law), Conversations with Innovators (interviews with thought leaders), Leaders in Law (insights from law leaders), Culture Counts (thoughts on law firm culture and business), and Legal Insights (in-depth analysis of IP, litigation, and transactional law).