If I was in a deep hole I'd stop digging.

In December 2010 I met with representatives of Facebook in Palo Alto to discuss the need to adopt a privacy by design approach & proposed app privacy design guidelines.

I met with another representative of FB in 2013 & discussed 3rd party developers & 3rd party access & the need for guidance & an accountability.

So, y'all was aware of the need for PbD cos I had those discussions. Y'all now shouldn't be kinda saying 'those dumb fucks' didn't change settings that we made difficult to understand or that "hey y'all look, it's not our fault .. it's malicious actors ..."

Malicious actors that took advantage of Facebook's failures and approach to privacy ... cos y'all, in 2004 Zuck himself once called users dumb fucks for handing over their data esquire.com/uk/latest-news…
So, perhaps regulators will be looking at how Facebook met its data protection by design obligations which existed prior to the GDPR under Directive 95/46 EC via Recital 46 for example.
There's a litany of Facebook failures but somehow it's those dumb fuck users who are to blame eh @fbnewsroom ?
The EU Justice Commissioner & other EU officials & Germany's chief federal privacy regulator will be feeling much better to know it wasn't the fault of Facebook & that they should have been more careful & not trusted Facebook - dumb fucks eh Zuck? politico.eu/article/eu-lea…
👆 So perhaps now that the EU Justice Commissioner & Germany's chief federal privacy regulator & US politicians have been impacted, we'll see change happen. Perhaps we'll see the kind of regulatory scrutiny and enforcement needed. politico.eu/article/eu-lea…
Facebook says it chose not to notify users as "the data was publicly available & users could not fix the issue." reuters.com/article/idUSKB…
As others have stated, the GDPR obligation to notify users of a personal data breach doesn't depend on whether a user can fix the issue 🤔
Unless FB can demonstrate that Article 34(3) applies then it would seem they breached the GDPR by failing to notify users. So, will @DPCIreland enforce Article 34(4) of the GDPR?

But it appears FB did not notify the DPC or other EU DPAs in breach of Article 33. BUT, there's Facebook's SEC filing for the period ending 30/09/20. In which FB stated that "From time to time we also notify the IDPC [@DPCIreland] our designated European privacy regulator under the General Data Protection Regulation, of certain other personal data breaches & privacy issues"
So, 👆 if in its SEC filings FB advises it notifies the @DPCIreland of 'personal data breaches' WHY didn't it notify of the breaches in question? (I haven't seen evidence that FB did notify the DPC)

Likewise in its SEC filing of 31/12/20 Facebook states, "Our industry is prone to cyber-attacks by third parties seeking unauthorized access to our data or users' data or to disrupt our ability to provide service. Any failure to prevent or mitigate security breaches and improper access to or disclosure of our data or user data, including personal information, content, or payment information from users, or information from marketers, could result in the loss, modification, disclosure, destruction, or other misuse of such data, which could harm our business and reputation and diminish our competitive position"

"As a result of our prominence, the size of our user base, the types and volume of personal data and content on our systems .. we believe that we are a particularly attractive target for such breaches and attacks"
Link to December 2020 SEC filing sec.gov/ix?doc=/Archiv…
SEC filing Dec 2018. "Our industry is prone to cyber-attacks by third parties seeking unauthorized access to our data or users’ data .."

"we believe that we are a particularly attractive target for such breaches and attacks"
"Although we have developed systems and processes that are designed to protect our data and user data, to prevent data loss .. to prevent or detect security breaches, we cannot assure you that such measures will provide absolute security"
"the GDPR requires submission of breach notifications to our designated European privacy regulator, the Irish Data Protection Commissioner [@DPCIreland] & includes significant penalties for non-compliance with the notification obligation .." 2018 sec.gov/Archives/edgar…
“A strong enforcement of #GDPR is of key importance. Facebook should fully cooperate with Irish authorities.” EU Commissioner for Justice
