The Electronic Privacy Information Center has filed a Freedom of Information Act lawsuit seeking the release of unredacted Facebook privacy assessments from the Federal Trade Commission. The assessments were mandated under the terms of a 2011 consent order.
EPIC is a nonprofit organization that was established in 1994 to focus public attention on emerging privacy and civil liberties issues. The public information request was prompted, in part, by recent revelations that up to 87 million users had their data misappropriated by an international political consulting firm
In 2011, Facebook agreed to settle FTC charges that it deceived consumers by telling them they could keep their information on the site private, and then repeatedly allowing it to be shared and made public.
The settlement also required Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers' express consent before their information is shared beyond the privacy settings they have established.
The FTC consent order also required Facebook to provide biennial assessments conducted by an independent auditor. Each assessment is expected to include: the privacy controls that Facebook has implemented and maintained during a given period; an explanation of the appropriateness of these privacy controls, nature and scope of Facebook’s activities, and sensitivity of the information; an explanation of how privacy controls meet the protections required by the Final Order; and a certification that the controls are operating with sufficient effectiveness in protecting privacy.
In March, EPIC filed a Freedom of Information Act request for the 2013, 2015, 2017 Facebook assessments and related records.
The earlier FOIA request drew attention to a version of the 2017 report available at the FTC Website, but that version was, and remains, heavily redacted. EPIC is now suing for the release of unredacted report.