A coalition of consumer groups and privacy organizations is asking the Federal Trade Commission to investigate Facebook over its use of facial-recognition techniques.
The Electronic Privacy Information Center has asked the government agency in the past to crack down on those technologies.
The new complaint, EPIC said, charges that Facebook is threatening user privacy in violation of a consent order issued in a Facebook settlement with the FTC in 2011.
“The scanning of facial images without express, affirmative consent is unlawful and must be enjoined,” the coalition said.
One week ago, the groups urged the FTC to reopen a 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the 2011 order, which barred Facebook from “making misrepresentations about the privacy or security of consumers’ personal information.”
It’s just the latest cloud on Facebook’s horizon. The social media giant recently acknowledged it allowed Cambridge Analytica, which had ties to Donald Trump’s presidential campaign, to access personal data without the knowledge of consumers. The company also assisted Barack Obama’s 2012 campaign.
Facebook’s stock has plunged, and Congress is planning to grill CEO Mark Zuckerberg.
Tom Pahl, a spokesman for the FTC’s Bureau of Consumer Protection, said in a statement recently that the agency is “firmly and fully committed to using all of its tools to protect the privacy of consumers.”
To that end, he said, it is ready to use its enforcement powers “against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act.”
He noted companies that have “settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook.”
“The FTC is confirming that is has an open non-public investigation into these practices,” Pahl said.
Zuckerberg is scheduled to testify before both the Senate Judiciary Committee and the House Commerce Committee in the coming days on the company’s privacy scandal.
It also was announced just days ago that a bipartisan coalition of 41 state attorneys general was asking Zuckerberg to explain his company’s privacy protections.
Pennsylvania Attorney General Josh Shapiro organized the effort to send a demand letter to Zuckerberg.
“Businesses like Facebook must comply with the law when it comes to how they use their customers’ personal data,” Shapiro said in a statement. “State attorneys general have an important role to play in holding them accountable and I’m proud to partner with so many of my colleagues from both sides of the aisle in the effort.”
As many as 87 million Facebook members may have had their personal information used inappropriately.
The attorneys general told Facebook: “Facebook apparently contends that this incident of harvesting tens of millions of profiles was not the result of a technical data breach; however, the reports allege that Facebook gave away the personal data of users who never authorized these developers to obtain it, and relied on terms of service and settings that were confusing and perhaps misleading to its users.”
“Consumers everywhere deserve answers in light of recent revelations regarding the unauthorized harvesting of data from tens of millions of Facebook profiles,” said Tim Fox, Montana’s attorney general.
EPIC long has been demanding consumer privacy protections in the social media world, even suing the FTC in 2012 for its failure to enforce a consent order against Google.
The 2011 consent order against Facebook followed extensive work by consumer groups beginning in 2009 on the issue of Facebook’s privacy provisions.
That was triggered by Facebook’s actions in 2009 to change user privacy settings, through which it “secretly transferred user data to third parties.”
The 2011 agreement was a “far-reaching settlement with the company, that prevented such disclosures, prohibited deceptive statements, and required annual reporting.”
EPIC also previously said “commercial actors” should not be deploying facial recognition techniques, because of an absence of safeguards to protect consumers.