Facebook's worst privacy scandals and data disasters

It seems like every few weeks Facebook comes under fire for yet another privacy or data-related scandal. As one of the world's most popular social networks, the company is held to a high standard by regulators worldwide and is expected to maintain adequate privacy protections and to not abuse the power it holds.

Whether or not Facebook does, however, is up to both regulators and users to decide. 

Perhaps the most well-known example of a failure in Facebook's privacy and data management is the 2018 Cambridge Analytica scandal.

Facebook permitted the "unfair" sharing of user data with developers without "clear and informed consent," regulators say. Up to 87 million users in the UK, US, and beyond are believed to have been affected. 

User data, including names, liked content, and locations, may have been used to sway voters in the leadup to the US presidential elections. Russian interference is suspected.

The abuse came from a personality profiling app which not only harvested information belonging to users but also their contacts.

The social network was fined by the UK's Information Commissioner's Office (ICO) and Facebook CEO Mark Zuckerberg was hauled in front of US Congress to explain the firm's actions. 

See also: Facebook must pay UK's ICO £500,000 over Cambridge Analytica scandal | Facebook appeals £500,000 penalty over Cambridge Analytica scandal | Trump-linked data firm Cambridge Analytica harvested data on 50 million Facebook profiles to help target voters | Data breach exposes Cambridge Analytica's data mining tools

Following the public disclosure of the privacy issue, the UK also demanded Zuckerberg's presence in front of parliament. This request was continually ignored.

When an executive from another company with access to confidential documents and internal communications related to the scandal visited London, the UK exercised parliamentary powers to force him to hand them over. The same documents were kept under seal in the US but the UK held the right to publish them at whim. 

Read on: UK gov't seizes documents Facebook wanted to keep private in Cambridge Analytica battle

In July 2018, Facebook revealed that threat actors were once again abusing the platform for political purposes; in particular, the US midterm elections.

Read on: Facebook reveals new covert efforts to sway 2018 midterm elections

In November 2018, the news broke that Facebook had hired Definers, a PR firm specializing in opposition research.

Reports suggested that the company was tasked with gathering intelligence on public figures critical of the company, such as George Soros, who has deemed the social network a "menace to society."

Facebook and Definers denied any wrongdoing.

A bug in Facebook was revealed in December which may have exposed the private photos of up to 6.8 million users. It is believed that roughly 1,500 apps built by 876 developers could have accessed such content. 

The vulnerability was present in backend code between September 13 to September 25, 2018. 

Read on: Facebook bug exposed private photos of 6.8 million users

In December, Facebook was forced to defend its data-sharing practices in relation to what is shared with other companies, including "special arrangements" with firms including Microsoft, Netflix, and Spotify.

While Facebook said the deals -- agreed upon as far back as 2010 and potentially involving as many as 150 companies -- were made for the benefit of user experience, the APIs for these features were left in place long after sharing programs were shut down. Facebook said that the issue was being investigated. 

See also: Facebook defends giving tech giants access to extensive user data

The cache of documents seized by UK officials earlier in the year resurfaced in December -- which was certainly a busy month in Facebook's PR department -- and emails revealed that Facebook executives had discussed selling user data to major spenders.

It was also revealed that Facebook had been recording call and text logs from Android phones in 2015, and user data scraped by free VPN provider Onavo, acquired by Facebook in 2014, had been used to determine future business deals. 

January has not been quiet for Facebook, either.

After announcing plans to merge WhatsApp, Instagram, and Facebook Messenger, EU regulators raised questions over whether or not the company would be capable of complying with the EU's GDPR regulations.

Given Facebook's track record of data-slurping practices, when the "10- year challenge" meme began making the rounds, questions were asked concerning the true nature of the trend. 

Users were asked to post images of themselves ten years' apart and critics suggested that this was a way for the social network to train its image recognition algorithms.

It was suggested that perhaps Facebook was the creator of the challenge in the first place, which also spread across Twitter and Instagram. Facebook has denied these claims.

To wrap up the month with a bang, a marketing research project conducted by Facebook which offered users between the ages of 13 and 35 money in return for downloading an app granted unfettered access to their data was revealed. 

Offered to iOS and Android users, the app was downloaded outside of the official Apple and Google stores. Apple concluded that the iOS version of the app abused developer rules and revoked Facebook's enterprise developer program certificate. 

Access was restored by Apple a day later, which also punished Google in the same way for overstepping app privacy boundaries.

Read on: Facebook slammed over covert app that pays teenagers for data | Apple pulls the plug on Facebook's internal iOS apps