Congress wants Facebook to explain why closed groups leaked user data

Little-known user data leak uncovered in July 2018 comes back to haunt Facebook.
Written by Catalin Cimpanu, Contributor

Members of the US House of Representatives Energy and Commerce Committee wrote Facebook CEO Mark Zuckerberg today demanding answers from the exec and its staff about the company's most recent privacy scandal.

US lawmakers sent their letter today after yesterday a group of health privacy experts revealed that they filed a complaint against Facebook with the US Federal Trade Commission last December.

The 43-page grievance, available online here, accuses Facebook of misleading users about the privacy of its "closed" groups.

The complaint is connected to a privacy issue that Facebook dealt with over the summer. According to a CNBC report at the time, the leader of a health-centric Facebook group discovered that a Chrome extension for marketers allowed advertisers to collect the names and emails of users who joined Facebook "closed" groups, including the details of a group she organized for women with BRCA gene mutations.

She argued that the company had failed or misled users into believing that "closed" groups are private, but in reality allowed external entities access to sensitive information.

She said that in many health groups, members share deeply personal health information, such as details about past diseases, disorders, sexual history, and more.

While for most public and even closed groups this wouldn't have been a big problem, she argued that members of health-centric "closed" groups are actively trying to conceal their affiliation with medical issues that could lead to harassment and discrimination.

Facebook addressed the "data leak" issue over the summer by preventing access to "closed" group members' names and emails.

"This consumer complaint raises a number of concerns about Facebook's privacy policies and practices," House Energy and Commerce Committee leaders wrote in their open letter.

"Labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have," lawmakers said. "And Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others."

The Committee wants an explanation from Facebook on how exactly its Groups feature works by March 1.

This is just the latest in a long line of privacy-related events the social network has been recently involved with. See the gallery below for a summary of all of Facebook's privacy snafus.

Facebook's worst privacy scandals and data disasters

Previous and related coverage

Editorial standards