Attorney General Coffman Demands Answers from Facebook | Attorney General - State of Colorado

Attorney General Coffman Demands Answers from Facebook

Bipartisan group of 37 Attorneys General tell Facebook CEO Mark Zuckerberg to turn over information on Facebook’s business practices and privacy protections

DENVER – Today, Attorney General Cynthia H. Coffman announced that she has joined a bipartisan coalition of 37 state and territory Attorneys General in sending a letter demanding answers from Facebook CEO Mark Zuckerberg about the company’s business practices and privacy protections.

“Colorado consumers deserve answers from Facebook regarding their data collection practices, which have raised serious concerns about protecting consumer privacy,” said Attorney General Coffman. “Simply downloading an app should never mean that consumers give up their right to control what happens to their personal data or their friends’ personal data, nor does it mean that they have consented to having their every move tracked and their information sold to third parties for profit.”

The Colorado Attorney General’s Office has made the protection of personal information a top priority and is currently working on legislation at the state Capitol to update Colorado’s consumer protection laws regarding data breach notifications and to enhance protections for consumers’ personal information.

In their letter to Facebook, the Attorneys General raised concerns about news reports that indicate the data of at least 50 million Facebook profiles may have been misused by third-party software developers. Facebook’s policies allowed developers to access the personal data of “friends” of people who used certain applications – without the knowledge or consent of these users.

The letter to Zuckerberg raises a series of questions that the Attorneys General want answers to about the social networking site’s policies and practices, including:

  • Were those terms of service clear and understandable?
  • How did Facebook monitor what these developers did with all the data that they collected?
  • What type of controls did Facebook have over the data given to developers?
  • Did Facebook have protective safeguards in place, including audits, to ensure developers were not misusing the Facebook user’s data?
  • How many users in the states of the signatory Attorneys General were impacted?
  • When did Facebook learn of this breach of privacy protections?
  • During this timeframe, what other third party “research” applications were also able to access the data of unsuspecting Facebook users?

The Attorneys General write in the letter: “Facebook apparently contends that this incident of harvesting tens of millions of profiles was not the result of a technical data breach; however, the reports allege that Facebook gave away the personal data of users who never authorized these developers to obtain it, and relied on terms of service and settings that were confusing and perhaps misleading to its users.”