Facebook Collected Users' Text and Calls Logs. Will the FTC Act?
On Android mobile operating systems, Facebook could bundle its permissions requests, leaving users in the dark about exactly what data the mobile app was collecting.
April 12, 2018 at 02:14 PM
4 minute read
Facebook profile on an Apple iPhone 6s. |
In the uproar that ensued after it was revealed that Cambridge Analytica collected the data of around 87 million Facebook users, some of the social media site's customers downloaded all their Facebook data to see just what personal information it held. What some users found led to even more outrage. Among the usual Facebook content of personal posts and friend requests were also the metadata of their SMS texts and calls.
Facebook has publicly stated it always asked for consent before collecting such information from users. On April 4, the social media company also changed its policy to delete all collected SMS and call logs older than one year. But the way in which consent was requested and gained to collect SMS and call log data has privacy advocates crying foul, and it may lead to legal liabilities for the social media company and Google's mobile operating system Android.
Ars Technica reported that in Android systems older than version 4.1, which was released in 2012, permission requests were bundled. “The older versions of Android basically asked for the 'read contacts' permission, so users assumed that would be their address book. But what they did was bundle that into the call log” to also collect SMS and call metadata, Shawn Davis, director of digital forensics at Edelson, told LTN.
While the permission requests have the capability to be split and are more specific in newer versions of Android operations systems, according to Ars Technica, they could still be presented as bundled by mobile applications. It is not yet known, however, whether bundling permissions will lead to legal burdens for Facebook or Android.
Jarno Vanto, a shareholder at Polsinelli, noted that while EU law, under the 1995 Data Protection Directive, and the upcoming General Data Protection Regulation (GDPR) forbids such permission bundling, its legality is less clear under U.S. law. “One of the key requirements under the Federal Trade Commission (FTC) Act is that any consumer disclosure in a privacy policy or on a web form must provide information that is truthful and that describes the actual practices of the company,” he said.
He specifically pointed out that Section 5 of the FTC Act defines what constitutes deceptive notice practices, and it enables the FTC to go after such activity. But, Vanto added, “I would not go so far as to say that these kind of vague permissions amounts to deceptive acts. At worst, it is kind of a failure to provide meaningful information to consumers about the choice they are making.”
Rebecca Rakoski, managing partner at Xpan Law Group, however, believes there is a distinct possibility the FTC looks into the matter. “It certainly is something we should all be watching, because the FTC is going to be incentivized to move forward and to make sure these privacy laws are being shored up in a more modern fashion rather than the old way of approaching privacy,” she said. “We are in a new realm with the way we exchange information over social media, and the law has not quite caught up to that.”
Jordan Fischer, managing partner at Xpan, added that the way the permissions were bundled can still be a privacy issue, despite the fact that such bundling may have only applied to older versions of Android in many instances. “It doesn't negate the fact that, for a period of time, they didn't ask for specific permission. It might mitigate any sanction they might receive, but it doesn't necessarily do away with the privacy violation.”
Beyond the FTC, Facebook and Android may face further scrutiny from states that have robust privacy laws, such as California, Rakoski said. “It would be important that you look not just at the federal level but also the state level.”
Whether the Facebook or Android face any legal problems remains to be seen, but it is clear that after Facebook's recent troubles, consumers are expecting a higher level of transparency from social media and internet companies.
“I think that the amount of public backlash and outrage we are seeing demonstrates that even though there are these permissions you can see and you have to grant before the apps can access your phone, they weren't clear enough, and that's why consumers are so upset at them,” said David Mindell, partner at Edelson.
“I think the problem is more the transparency of the disclosure and the accuracy of the disclosure that is made,” he added.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrump Win Ignites Global Legal Market: Lawyers Prepare for High Demand and Uncertainty
Russia-Linked Deepfakes Are Hitting the US Election. Will It Spur Congress to Act?
AI Gives Legal Departments New Leverage to Demand Speed, Efficiency From Law Firms
3 minute readTrending Stories
- 1Infant Formula Judge Sanctions Kirkland's Jim Hurst: 'Overtly Crossed the Lines'
- 2Trump's Return to the White House: The Legal Industry Reacts
- 3Election 2024: Nationwide Judicial Races and Ballot Measures to Watch
- 4Climate Disputes, International Arbitration, and State Court Limitations for Global Issues
- 5Judicial Face-Off: Navigating the Ethical and Efficient Use of AI in Legal Practice [CLE Pending]
- 6How Much Does the Frequency of Retirement Withdrawals Matter?
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250