Facebook's links to questions of privacy and data protection came most to the fore in the Cambridge Analytica scandal in 2018. But the problems extend before and after that as the timeline below shows. Given Facebook's power, addressing these questions is vital to a healthy internet and a healthy democracy. We have also called for "The Facebook Oversight Board we really need" as part of proper oversight of Facebook (and indeed other Big Tech players).
20 Oct 2021
Facebook fined £50.5m for breaching order in Giphy takeover investigation
- CMA says firm ‘deliberately’ refused to supply information showing it had complied with order to separate businesses
10 Oct 2021
Francs Haugen, former Facebook product manager, exposes how the tech giant puts profit before the public good
Frances Haugen leaves the company in May and takes with her tens of thousands of pages of internal documents that contain a litany of revelations, including:
- Instagram knew it was harming the mental health of some teenage girls
- A Facebook algorithm change in 2018 increased divisiveness on the platform
- Nearly 90% of Facebook’s moderation efforts are focused on English content, despite the majority of users being non-English speakers.
- The Guardian reports details
24 Sep 2021
Facebook Files: 5 things leaked documents reveal
- Celebrities were treated differently by Facebook
- Its response to employee concerns about human trafficking was often 'weak'
- Facebook faces a huge lawsuit from shareholders
- Has Facebook been promoting positive stories about itself?
- Facebook knew Instagram was 'toxic' for teens
- The BBC reports details with links to more info
4 Aug 2021
Facebook suspend accounts of Cybersecurity for Democracy
- Cybersecurity for Democracy Facebook accounts get suspended. These were used to uncover systemic flaws in the Facebook Ad Library, identify misinformation in political ads, and to study Facebook’s apparent amplification of partisan misinformation.
- Facebook cuts off access to more than two dozen other researchers and journalists including work measuring vaccine misinformation with the Virality Project
- Details in Twitter thread
5 April 2021
Facebook data leak: details from 533 million users found on website for hackers
- Details from more than 500 million Facebook users have been found available on a website for hackers.
- Facebook says not to worry it happened a few years ago...(not quite in those words)
- The Guardian reports Facebook data leak: details from 533 million users found on website for hackers.
13 July 2020
Spanish politician's WhatsApp hacked
- A reminder that despite WhatsApp's "end to end encryption" it can still be hacked by spyware
- The Guardian reports Phone of top Catalan politician 'targeted by government-grade spyware'
21 Feb 2020
Private WhatsApp groups' information made public via Google
- Facebook have set public WhatsApp groups to be indexable by Google which means the group information can be seen publicly on Google and anyone can join
- Vice reports that Google Is Letting People Find Invites to Some Private WhatsApp Groups.
1 August 2019
WhatsApp's "end to end encryption" turns out to be pointless?
- Facebook can see what you type/say into WhatsApp before it is encrypted.
- Forbes reports that Facebook can 'wiretap' WhatsApp and bypass encryption.
10 June 2019
25 million Android phones infected with malware hidden in WhatsApp
- Up to 25 million Android users have been infected with malware that replaces the phone's app with a fake version full of adverts.
- Forbes reports that 15 million victims are based in India, 300,000 in the USA, and 137,000 in the UK.
13 May 2019
Serious hack of WhatsApp allows hackers to install spyware on iPhones and Androids
- A software flaw in the audio call function of WhatsApp has allowed hackers to install spyware on users' iPhones and Androids.
- Wired reports that hackers will have been given access to a huge amount of personal information.
- Facebook's short report on the incident confirms hackers had "remote execution" powers, and the spyware could have been installed even if the users didn't answer the phone.
18 April 2019
Facebook uploaded email contacts of 1.5m users without consent
- The Guardian reports that Facebook has admitted to unintentionally uploading the address books of 1.5 million users without their consent.
- Facebook had access to a vast amount of personal data and admitted that there were flaws in its usage of passwords.
4 April 2019
Facebook partnering with The Daily Telegraph to publish sponsored articles downplaying 'technofears' and praising the company
- Facebook is paying The Daily Telegraph to run a series of positive sponsored stories about it.
- Business Insider reports the British newspaper is running dozens of stories that defend Facebook on controversial subjects like terrorism, hate speech, and cyber-bullying.
3 April 2019
Hundreds of millions of Facebook records exposed on Amazon cloud servers
- Third-party Facebook app developers have stored user data on Amazon's servers in a way that allowed it to be downloaded by the public, according to a report from UpGuard, a cybersecurity firm.
- One of the companies stored more than 540 million records, including comments, likes, reactions and account names
- Facebook has "no way of guaranteeing the safe storage of the data of their end users if they are going to allow app developers to harvest it in mass"
30 March 2019
Historical Facebook posts by Mark Zuckerberg 'mistakenly deleted'
- A number of blog posts and news updates previously published on Facebook by Mark Zuckerberg have been deleted, some dating back to 2011.
- In a statement, a spokesperson for Facebook said the posts were “mistakenly deleted” after “technical errors”.
- Some of the missing posts comment on significant events for the company, including its acquisition of Instagram in 2012.
13 March 2019
Criminal probe into Facebook data deals
- Two tech companies that make smartphones (unnamed in reports) have received a subpoena from the New York grand jury regarding data deals made with Facebook.
- These deals involved integrating the developing products with Facebook platforms and features, in exchange for user data to inform the building of the product.
- Users reportedly did not always know the extent of information shared.
4 March 2019
Backlash over misuse of security phone numbers
- Facebook users have been asked to add their phone number as two-factor authentification since 2011.
- Backlash from editor of Emojipedia Jeremy Burge claims that the information can be used to search users, too, with an unclear opt-out system.
For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there's no way to disable that. pic.twitter.com/zpYhuwADMS
— Jeremy Burge ?? (@jeremyburge) March 1, 2019
- Facebook responded in a statement claiming that this search feature was disabled in April 2018.
2 March 2019
Facebook's lobbying against data privacy laws revealed
- Leaked internal documents reveal Facebook's global effort of incentivising politicians to lobby against data privacy laws.
- This includes pressure to lobby against the "restrictive" GDPR, and the threat of withholding investment from countries who refused to support and pass Facebook-friendly laws.
- The documents' association with the Six4Three lawsuit (see below) and their dispersal in breach of court order has prevented Facebook from commenting.
March 2019
Report of the UK Digital Competition Expert Panel strongly criticises Facebook's privacy and business practices
- The Unlocking digital competition report says "The Digital, Culture, Media and Sport Committee was robust in its assessment of Facebook’s business model and the challenges it poses in its February 2019 report. It stated that the evidence the committee obtained ‘from the Six4Three court documents indicates that Facebook was willing to override its users’ privacy settings in order to transfer data to some app developers, to charge high prices in advertising to some developers, for the exchange of that data, and to starve some developers – such as Six4Three – of that data, thereby causing them to lose their business.’
22 Feb 2019
Intimate personal information shared to Facebook by third-party apps
- A report by the Wall Street Journal revealed that highly personal information such as heart rate, menstrual cycle, and weight, is being shared to Facebook from third-party apps.
- The data is shared even if the user is not signed up to Facebook.
- Apps involved such as Flo Period & Ovulation Tracker share the data in order to use a Facebook analytics tool that informs how they develop their product and personalise ads.
7 Feb 2019
The German competition authority decides to impose restrictions on Facebook’s collection and combination of user data
- The Bundeskartellamt has imposed on Facebook far-reaching restrictions in the processing of user data. See official announcement
- Privacy issues remain even with GDPR in place.
28 Jan 2019
Irish Data Protection Commission raises concern over Facebook's merger with WhatsApp and Instagram
- Body that regulates Facebook in the EU called an urgent meeting with Facebook Ireland to discuss plans for its merger with Instagram and WhatsApp
- The DPC has stated its desire to closely follow developments in the project, particularly concerning how data is shared and used across the platforms.
- It emphasised that the merger could not become effective in the EU if it did not meet requirements of the GDPR.
30 April 2018
WhatsApp founder steps down four years after service is bought by Facebook
- Jan Koum sold the messaging giant to Facebook in 2014, emphasising at the time that user privacy was "coded into [their] DNA," and that "if partnering with Facebook meant that we had to change our values, we wouldn’t have done it."
- Koum has now stepped down from the position with no explanation for his exit beyond that it is time for him "to move on".
- His parting Facebook status was met with encouraging comments from Mark Zuckerberg and Sheryl Sandberg, though an anonymous company executive claimed that Koum had stepped down after becoming concerned with Facebook's position on privacy.
17 March 2018
Cambridge Analytica Files published by The Guardian
- Facebook's biggest ever data breach at the time, in which the data from 50 million user profiles was co-opted by political consultancy Cambridge Analytica.
- A whistleblower revealed that the information had been used to profile audiences for Trump's election campaign material as well as the efforts of Vote Leave.
- The $1m dollar profile-harvesting operation brought the importance of data protection to the fore and illustrated the power of data as a commodity.
25 May 2017
Facebook Files published by The Guardian
- A deep dive into the workings of Facebook's moderation process, after criticism that the site hosts harmful, hateful and damaging content.
- Reports include testimonies from Facebook moderators themselves, an investigation into the details of moderation guidelines, and a look into the extremes of some of the content that has been allowed to exist on the site.
- The reports as a whole reinforced a need for transparency from Facebook in all areas, given the scope and influence of content shared on its platform.
2012-2014
Facebook discusses selling users' data in documents revealed by lawsuit
- In 2017 app developer Six4Three sued Facebook for closing its API from developers like themselves, who were dependent on user data to build products.
- Documents involved in the case (that Facebook attempted to keep sealed with a court order) reveal conversations as early as 2012 in which the platform discusses monetising user data.
- Facebook declined to comment on the contents of the documents, beyond Konstantinos Papamiltiadis, director of developer platforms and programs, claiming that the fact that they were "presented in a way that is very misleading without additional context".
10 May 2011
Third parties found to have access to Facebook users' personal data
- A report by Symantec found that applications integrated with Facebook had been leaking users' personal data to third parties.
- Symantec estimated that close to 100,000 applications had been leaking access to this information.
14 August 2008
Facebook allegedly violates federal wiretap law
- Soon after launching their Beacon programme, a federal class action lawsuit alleged that Facebook had been analysing and publishing the behaviour of users without their consent.
- Users had their purchases on sites like Blockbuster and Zappos published to their news feed, in one instance ruining a plaintiff's Christmas present for his wife.
- The suit highlighted Facebook as approaching violations of anti-hacking law and wiretap law a decade before the Cambridge Analytica scandal.
4 February 2004
Facebook is founded
- The details of Facebook's inception have long been disputed, not least because of the lawsuit filed by twins Tyler and Cameron Winklevoss, claiming that Mark Zuckerberg stole their idea for a social network.
- A follow up to this lawsuit implicated evidence that Zuckerberg had hacked into two users' private email addresses at the time.
- Though the success of Facebook was clearly not affected by the lawsuit, these early days of the platform associated it with questions of privacy from the beginning.
Photo by Thought Catalogue on Unsplash
Join Guild 🤝
See for yourself how the Guild experience is different to WhatsApp, Slack, LinkedIn or Facebook Groups.
Guild is a safe space to connect, communicate and collaborate with others.
Join us on a platform that is purpose-built for creating groups, communities and networks on mobile.