Privacy Law

New Facebook Program Matching Users, Brick-and-Mortar Retail Data Sparks Complaint to FTC

Facebook users, knowing that they might be targeted by advertisers based on what they posted online, have been willing to trade some privacy for the convenience of easy online access to other individuals throughout the country and globally.

But the social networking site has now embarked on a new marketing program that violates both users’ expectation of privacy and a settlement last year with the Federal Trade Commission, contends the Electronic Privacy Information Center, joined by the Center for Digital Democracy, in a complaint filed with the FTC. A copy of their Sept. 27 letter (PDF) is linked to a brief statement on EPIC’s website.

The complaint centers on a new program in which Facebook allows outside companies to target advertising at groups of 20 or more users if the companies have the users’ email addresses or phone numbers, the Wall Street Journal reports.

Meanwhile, Facebook has also begun experimentally placing its own ads on third-party websites and smartphone apps. Facebook can target such advertising at specific individuals because they are logged into Facebook, the article continues, explaining that it appears Facebook may be working on developing an enormous advertising network that would be a ubiquitous Internet-based presence on computers and smartphones.

Now, with the help of a third-party data-mining company known as Datalogix, which collects information about customer behavior in brick-and-mortar stores, Facebook is also matching users’ advertising-related behavior online with what they do in actual retail environments, the article says. The goal is to show that $1 spent on Facebook advertising generates significantly more in sales.

Erin Egan, who serves as Facebook’s chief privacy officer, says the company believes “our business model is fully compatible with honoring privacy.”

But EPIC contends otherwise in the FTC complaint, the WSJ reports. EPIC argues that Facebook’s sharing of information with Datalogix, even though Facebook says individual identifying information isn’t shared, violates a FTC consent agreement provision that Facebook would not provide information about users to third parties without users’ express permission.

There’s a significant difference, said EPIC’s consumer protection counsel David Jacobs, between the new marketing approach and Facebook users knowing, as they have for years, that they “might be targeted based on what they posted online, but that was separate from what you did off of Facebook or in the real world.”

Under the new approach, he says, “the rules have changed and this information is being matched or cross-referenced. There is an issue with changing the rules on people.”

Additional coverage:

Law & Disorder (Ars Technica): “Privacy groups seek investigation of Facebook’s retail data sharing”

Hillicon Valley (The Hill): “Privacy groups call for FTC probe into Facebook’s new ad-tracking partnership”

IDG News Service: “Facebook-Datalogix deal may skirt privacy promises”

San Jose Mercury News: “Facebook launches new ad programs but privacy groups worry”

We welcome your comments, but please adhere to our comment policy and the ABA Code of Conduct.

Commenting is not available in this channel entry.