Clik here to view.
The Norwegian Consumer Council (NCC) just reported Facebook to The Norwegian Data Protection Authority (DPA) for breaking European privacy law. This is coordinated with nine sister organisations in six European countries, according to NCC.
Wedneday this week it came to light that up to 87 million Facebook users may have been impacted by the Cambridge Analytica scandal. This number is significantly higher than the previous estimate of 50 million US citizens.
Norwegian News Agency (NTB) has confirmed that 17 Norwegians downloaded the thisisyourdigitallife app, giving Cambridge Analytica access to personal information. As a consequence, up to 37,550 Norwegians might have been affected.
This new information led the NCC to file a complaint on Facebook to the DPA. Nine sister consumer organisations in The Netherlands, Belgium, Spain, Portugal, Italy, and Greece have done the same.
In their letter to the DPA, the NCC writes:
– Based on news reports, it is clear from our perspective that there has been a breach of European data protection rules.
– It appears as if Facebook has not adequately protected its users’ data, and not taken all the necessary measures to amend the situation once it came to its knowledge in 2015.
Director of digital services at The Norwegian Consumer Council Finn Myrstad tells NRKbeta that one «now needs an independent evaluation from national authorities» on how Facebook is handling the personal information of Norwegians and other Europeans.
Facebook is launching new guidelines
In several interviews and press releases, Facebook has informed how they will tighten their practices in handling personal and sensitive data. Third party apps will for instance get access to less personal data on Facebook users, and Facebook promises to make it simpler to change its privacy settings.
Facebook will also remove the option to search for users by searching for phone numbers or email addresses.
In an interview with Vox, Facebook’s Mark Zuckerberg says they started investing more in security a year ago, and that it might take some years to solve the problems the company is facing.
The Norwegian Consumer Council: Problems known since 2010
On Monday Facebook will inform each single consumer whether they are affected, is that insufficient?
Defining whether consumers are getting the correct information cannot be left solely to Facebook, Myrstad says, and adds: «It is a company with a history of avoiding conversations about the difficult things. This will contribute to sending a strong signal that incidents of this kind will have consequences, and that one needs to give access to neutral actors like the DPA.
Myrstad is also pointing out that the issue has been known for years.
– The NCC reported the game company Zynga for exactly the same issue in 2010. One could really ask oneself which other apps have been harvesting similar data. This has been the practice from 2010 to 2015. Until recently, harvesting data from the platform has also been possible, though to a slightly more limited extent.
NRKbeta has contacted Facebook several times this afternoon for comments, so far without response.
The Norwegian complaint is based on a letter sent on behalf of 43 consumer organisations in 31 European countries to the «Article 29 Working Party» in the EU, a privacy group.
After what has come to light the last few days, several organisations felt they had to contact national authorities directly.
This is the Norwegian letter in full (in Norwegian)
Here is the European letter it is based on (in English)
Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Image may be NSFW.Clik here to view.
Clik here to view.