A complaint has been raised on Facebook with the FTC accusing the company of failing to protect sensitive health data in its groups. The complaint was released publicly earlier today and was filed in January 2019. It urges that the company improperly disclosed information on members of closed groups.
The issue first appeared in the news in July 2018, when members of a group for women with a gene mutation called BRCA discovered sensitive information, like names and email addresses of members, could be downloaded in bulk, either manually or through a Chrome extension. However, Facebook made changes to the groups that ended this practice but mentioned that it is not related to the BRCA group’s concerns. The company also said at the time that the ability to view the data was not a privacy flaw, and noted that there was also an option for “secret” groups, which are more difficult to join but also have more limited discoverability.
The complaint was filed by a security researcher and BRCA advocates, among others. While the company might have also made changes to the ability to view personal information, the complaint argues that it is still too easy for a member to harvest information on others in a group. Facebook did not comment on the complaint and is also reportedly negotiating a multibillion-dollar fine with the FTC over privacy lapses.