(Image: Getty Images)
Facebook has put in place systems to stop collecting confidential data from users, from third-party apps, about their health or religious practices, following an investigation by New York State Financial Services.
“The lack of global standards and digital regulations has paved the way for rigorous data collection and sharing, which violated the privacy of dozens of New Yorkers,” Governor Andrew Cuomo said in a statement Thursday.
The investigation revealed that the social media giant was receiving sensitive personal information (medical diagnoses, fertility data, financial data, etc.) from third-party apps.
They shared the information with Facebook data analysis services that the California Group makes available to them for free.
The statement said the practice violated Facebook’s regulations, but that the company “did almost nothing to enforce its rules or prevent the flow of sensitive data before the state investigation.”
“Facebook has asked app and website publishers not to share medical, financial and other personal information about consumers, but it has done nothing to stop them,” said Linda Laswell, the State Department’s finance director.
A Facebook spokesperson replied: “Sending sensitive data via third-party tools is a widespread problem in the industry, and we were happy to work with New York on ways to solve it.”
“We have improved our efforts to discover and block potentially sensitive data, and we are doing more to educate advertisers on the correct way to use our tools,” he added.
Facebook now has digital filters, which are supposed to identify and block confidential information before it ends up on its system, according to the governor’s office.
Andrew Cuomo had called for this investigation after an article in The Wall Street Journal describing the problem with third parties such as Flo, which is a health app.
He also called for updating federal laws to provide better protection for consumers, because “current legislation lags behind technological advances in the” big data “industry (data, editor’s note).
In the United States there is no federal data privacy law like the European Data Protection Regulation.
However, some states, led by California, have adopted laws similar to the European text.