ARTICLE
26 February 2021

NYDFS Reports On Investigation Into Facebook's Transmission Of Sensitive Data

CW
Cadwalader, Wickersham & Taft LLP

Contributor

Cadwalader, Wickersham & Taft LLP logo
Cadwalader, established in 1792, serves a diverse client base, including many of the world's leading financial institutions, funds and corporations. With offices in the United States and Europe, Cadwalader offers legal representation in antitrust, banking, corporate finance, corporate governance, executive compensation, financial restructuring, intellectual property, litigation, mergers and acquisitions, private equity, private wealth, real estate, regulation, securitization, structured finance, tax and white collar defense.
Explore Firm Details
After. investigation, the New York State Department of Financial Services ("NYDFS") found that Facebook routinely obtained sensitive data
United States Finance and Banking
Person photo placeholder
Authors

After investigation, the New York State Department of Financial Services ("NYDFS") found that Facebook routinely obtained sensitive data, including medical information, that was collected through consumers' use of third-party applications.

New York Governor Andrew Cuomo accepted the report, in which the NYDFS concluded that the receipt of sensitive data was in violation of Facebook's policy, that the data was shared as part of Facebook's free online data analytics services, and that Facebook did not take substantial steps towards enforcing its policy or halting the dissemination of the data.

In response to the investigation, Facebook instituted remedial measures, including (i) implementing a data screening system intended to prevent its receipt of such information, (ii) upgrading its app developer education to better instruct developers regarding their responsibility for preventing the transmission of sensitive data and (iii) providing users with additional control over the collection of personal data.

NYDFS recommended that Facebook further enhance its protection of consumer privacy by implementing:

  • a front-end strategy to prevent the transmission of sensitive data from app developers, rather than heavily relying on a back-end system that cannot reasonably prevent the transmission of all sensitive information; and
  • a system for apps subject to repeated blocks by Facebook that would (i) identify whether a violation actually occurred, (ii) warn those who have been determined to violate Facebook's policy and (iii) impose material sanctions against violators, such as their removal from Facebook's systems.

Additionally, NYDFS recommended the establishment of a "clear nationwide legal framework for accountability enforced by a robust federal regulator." NYDFS expressed support for Governor Cuomo's proposed New York Data Accountability and Transparency Act (or "NYDATA") (Part II of Public Protection and General Government Article VII Bill / NYS FY 2022 Executive Budget), which would (i) require any data-collection entity impacting New Yorkers to disclose its use of such data collection and to limit the data it collects to satisfy that purpose, (ii) clearly protect certain types of sensitive information, including health, biometric and location data, and (iii) create a Consumer Data Privacy Bill of Rights.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Cadwalader, Wickersham & Taft LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More