Internet Privacy Advocates To FTC: Maybe Check Into This Whole Facebook & Datalogix Thing

After the world caught wind of Facebook’s sassy new partnership with data mining company Datalogix, we figured it would only be a matter of time before the public protestations started. The advocates over at the Electronic Privacy Information Center have teamed up with the Center for Digital Democracy are coming out with guns blazing against the pairing in a letter to the Federal Trade Commission.

EPIC and CDD are concerned because Datalogix will be sifting through the millions of bits of information it has access to on consumers who use retailers’ loyalty rewards programs and other data and matching that up with Facebook users. That way, Facebook can figure out how often people who look at ads actually end up buying the product in the store. That ain’t cool, writes the groups in the letter. They claim Facebook is in violation of the FTC’s order to not misrepresent its users’ privacy.

The gist of it goes like this: the FTC ordered Facebook to institute new privacy protections for its users, where it would be prohibted from not revealing to users how it’s maintaining their privacy and secure information. They have to fess up to how much a user can actually control the information Facebook maintains, and let users know how they can implement those controls. Facebook also is supposed to inform users before it shares info with a third party.

All of that is being thrown aside for Datalogix, says the letter to the FTC, and should be investigated because of it.

The Commission should investigate whether Facebook has violated Parts I and II of the  Consent Order. Facebook did not attempt to notify users of its decision to disclose user  information to Datalogix. Neither Facebook’s Data Use Policy nor its Statement of Rights and Responsibilities adequately explains the specific types of information Facebook discloses, the manner in which the disclosure occurs, or the identities of the third parties receiving the  information. In fact, Facebook only mentions Datalogix once – at the bottom of the “Interacting  with Ads” page. This page requires at least five actions to reach from the Facebook.com home  page and simply directs users to the Datalogix privacy policy. The Consent Order’s prohibition  on misrepresentations includes misrepresentations by omission.

Thus, the Commission should  determine whether Facebook’s failure to notify users of the disclosure of user information to Datalogix violates the consent order.

The letter goes on to lay out all the various ways in which the Facebook/Datalogix deal is shady, and closes by urging the FTC to start an investigation. If this plays out like other privacy complaints against Facebook, we’re willing to bet the FTC does take the charges seriously.