NYDFS issued a report last week concerning Facebook data privacy deficiencies, following a WSJ report that Facebook received sensitive user data from some popular apps, including a fertility-tracking app named “Flo,” for use in Facebook’s analytics tool.
– Facebook’s subsidiary, Facebook Payments Inc., is licensed as a money transmitter but the report found Facebook Payments “had no involvement in the privacy issues examined.” Since Facebook, the parent, indicated its willingness to cooperate “fully” the parties sought to avoid any clash about jurisdictional issues.
– NYDFS found that, while Facebook had taken steps to remediate, such as building a screening tool that would reject sensitive health information, it failed to “engage fully” with respect to other remediation proposals, and its effort to enforce its own policies against collection of sensitive data was “seriously lacking.”
– In January 2021, the Federal Trade Commission reached a proposed settlement with “Flo,” the fertility tracking app, requiring it to keep promises about user privacy.
– NYDFS argues this is another incident demonstrating the need for greater regulation on the federal and state level.
The NYDFS report can be found here: https://www.dfs.ny.gov/system/files/documents/2021/02/facebook_report_20210218.pdf
The proposed Consent Order and Complaint for the Flo Health matter can be found here: https://www.ftc.gov/enforcement/cases-proceedings/1923133/flo-health-inc