Two privacy watchdogs filed a joint letter with the Federal Trade Commission on Thursday alleging Facebook may already be skirting an agreement to be more clear over how it handles user data.
A partnership with a data collector called Datalogix may violate parts of a recent FTC consent order that outlined privacy principles Facebook should follow, wrote the Center for Digital Democracy (CDD) and the Electronic Privacy Information Center (EPIC).
[ In other news about Facebook: Zuckerberg upbeat on search, denies smartphone rumors. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]
"Facebook did not attempt to notify users of its decision to disclose user information to Datalogix," according to the letter.
Datalogix collects data on what people buy through loyalty card programs administered by retailers. Those loyalty card users are matched to their Facebook profiles in order to serve them targeted ads based on users' buying behavior. Facebook and Datalogix maintain the matching is done after the data is anonymized on both sides.
Facebook users are automatically enrolled in the program. But the process for opting out of it is neither clear nor easy. Deep in its "Help Center," Facebook discloses its partnership with Datalogix. In the letter to the FTC, the CDD and EPIC noted it takes five separate actions to reach Facebook's mention of Datalogix.
On that page, Facebook does not give further information describing its link to loyalty-card programs and what people buy. The FTC's agreement with Facebook, finalized in August, forbids misrepresentations by omissions, the groups wrote. "Thus, the Commission should determine whether Facebook's failure to notify users of the disclosure of user information to Datalogix violates the consent order," the letter said.
The cookie is an opt-out cookie, which will tells Datalogix not to collect and store data from the person's Web browser for tracking purposes. Tests show that Facebook, however, does not install any Datalogix cookies on a person's browser when a person visits the social-networking site. It means that the installation of Datalogix's opt-out cookie would not stop the exchange of data between Facebook and the company.