In an open letter to CEO Mark Zuckerberg, Access Now is calling upon Facebook to undergo an independent audit of its data processing accompanied by a global human rights assessment.
The call comes after new revelations that Facebook entered into data disclosure agreements with device manufacturers and other companies that the company had not previously reported. A prior privacy audit in 2017, conducted by PwC as part of a 2011 consent decree with the US Federal Trade Commission, failed to reveal all of Facebook’s data processing procedures with its partners.
In addition to an independent audit and human rights impact assessment, Access Now calls on Facebook to:
- Release copies of data disclosure agreements with third parties;
- Publicly answer questions about data sharing agreements, why they were not previously disclosed, and how Facebook will compensate impacted users;
- Encourage device makers to similarly reveal what data they accessed, processed, or retained through these agreements;
- Regularly disclose policies and aggregate data on private, third-party requests for user data, and Facebook responses;
- Reform the Board of Directors, including for more diversity, expertise in data and human rights, and oversight of risks to users;
- Confirm again its commitment to applying the principles and rights of the EU General Data Protection Regulation globally; and
- Publically pledge to support new and updated data protection laws around the world.
“Mr. Zuckerberg can only feign ignorance and beg forgiveness so many times. Facebook has made a lot of mistakes in how it’s handling these scandals but the bigger mistake is the company’s decision to collect too much of our personal data and then to enter into irresponsible data disclosure agreements,” said Estelle Massé, Senior Policy Analyst at Access Now. “To save its credibility, Facebook must undergo a rigorous independent audit that will finally clarify exactly how the company treats our data.”
In addition to an open letter to Mark Zuckerberg, Access Now today also published an FAQ to explain what people who use Facebook need to know about the recent data privacy revelations and what steps they can take to protect their data.
“Now that the General Data Protection Regulation has begun to take effect in the European Union, people in the United States and around the world want the same protections. Every day that yet another article comes out showing Facebook still hasn’t told us the whole story, is another day that makes it inevitable that lawmakers will take action,” added Massé. “Facebook and other tech companies that handle and profit from our data should recognise that in the US, India, and many other nations, regulation to give users comprehensive data protection is not a question anymore of ‘if’ but ‘what’ and ‘when.’”