Corporate Accountability News Highlights is a regular series by Ranking Digital Rights highlighting key news related to tech companies, freedom of expression, and privacy issues around the world.
Facebook CEO to testify before U.S. Congress
Facebook CEO Mark Zuckerberg will testify before two U.S. congressional panels next week over revelations that data of millions of Facebook users was sold to political consulting firm Cambridge Analytica. In 2014, a researcher at the University of Cambridge developed a personality quiz app that collected data from 270,000 users.
Mark Zuckerberg at the 2016 Mobile World Congress. Photo by Alessio Jacona (CC BY-SA 2.0) via Flickr.
The app also enabled the researcher to collect data about those in the friend networks of the quiz respondents without their knowledge. The developer then sold the data to Cambridge Analytica, which used the data to build detailed profiles of American voters and target them with pro-Trump political ads. The number of users impacted was first believed to be about 50 million. However, on April 4, Facebook revealed that data of 87 million users “may have been improperly shared with Cambridge Analytica.” Although mostly in the U.S., users in nine other countries including the Philippines, Indonesia, the UK and Mexico were affected.
Zuckerberg will first appear before a joint hearing by the Senate Judiciary and Commerce committees on April 10. The following day he will appear before the House Energy and Commerce Committee. The hearing “will explore approaches to privacy that satisfy consumer expectations while encouraging innovation,” Senator Chuck Grassley, the chairman of the Judiciary Committee said in a statement. The House Energy and Commerce Committee hearing “will be an important opportunity to shed light on critical consumer data privacy issues and help all Americans better understand what happens to their personal information online,” representatives Greg Walden and Frank Pallone from the energy committee said.
Since the revelations were first made a few weeks ago, Facebook has been facing scrutiny over its handling of user information. The U.S. Federal Trade Commission (FTC) company is already investigating whether the company violated a 2011 settlement barring it from sharing users’ data without their consent.
Internet, mobile, and telecommunications companies should give users options to control how their information is collected and used for targeted advertising. Companies evaluated in the 2017 Corporate Accountability Index did not disclose enough information about such options. Facebook disclosed less about these options than any of the other 12 internet and mobile ecosystem companies evaluated. The company did not disclose options allowing users to control the company’s collection of their user information, and how their information is used for targeted advertising.
Messaging application Telegram faces bans in both Iran and Russia
The Iranian government has announced that it will permanently block Telegram by April 20 after it releases its own messaging app. The chairman for the Iranian parliament’s national security commission cited “national security” as the reason for the ban. Telegram is popular in Iran with 45 million users. Iranian authorities resorted to blocking and throttling access to the service in response to anti-government protests this winter. Government officials are also promoting the use of local applications to end what they describe as Telegram’s “monopoly” over instant messaging services in Iran. However, activists say that local alternatives, such as Soroush, are not secure.
In Russia, Telegram is also facing a ban after it rejected a demand to hand over encryption keys to Russia’s communications watchdog, Roskomnadzor. Last March, a Russian court gave Telegram two weeks to allow authorities to access its users’ encrypted messages or risk being blocked in the country. In a letter to Roskomnadzor, Telegram’s lawyer explained that the company is “technically unable” to comply with this demand.
Telecommunications companies should be transparent about their processes for responding to government requests to restrict access to networks or to certain services and platforms. They should disclose information about how they handle government network shutdown demands, including under whose authority a shutdown is ordered, so that those responsible can be held accountable. None of the telecommunications companies evaluated in the 2017 Corporate Accountability Index disclosed sufficient information about how they handle government network shutdown demands.
Grindr to stop sharing user HIV status with other companies
LGBTQ dating app Grindr said that it will stop sharing information about the HIV status of its users with third-party companies. The announcement came after it was revealed that the company was sharing such sensitive information with two software vendors, Apptimize and Localytics. Grindr said that such data was shared with the two companies, to “help [the company] improve the experience for [its] users.” However, Cooper Quintin, senior staff technologist and security researcher at the Electronic Frontier Foundation, told BuzzFeed News that “there was no reason for them to be storing that data with these analytics companies in the first place.”
In Norway, a consumer protection group filed a complaint to the country’s data protection authority for breaching national and European data protection laws. In the complaint, the group argues that Grindr does not treat information about sexual orientation and health status, considered as sensitive personal data in the EU, “with great care.” The company fails to “obtain a separate and clearly given consent” from users about the sharing of their sensitive data, and transmits such data unencrypted.
Internet, mobile, and telecommunications companies should be transparent about what user information they share, with which parties and for what purposes. Internet companies should also encrypt user communication and private content.
Important notice: We are launching a new mailing list on Monday April 9. If you are currently subscribed to receive blog post updates, and wish to continue receiving blog post updates from us, you will need to opt-in to the new mailing list here. If you have not previously subscribed to our updates, but want to start receiving them, you can also sign up here.
