Facebook Fixes Privacy Bug Spotted by Consumer Reports
The problem affected ad preferences for iPhone users
Facebook has corrected an inconsistency in a privacy setting on its iPhone app in a recent update. Consumer Reports' privacy experts had pointed out that the app could mislead consumers about their ad preferences.
After the Cambridge Analytica data scandal broke in March, Facebook repeatedly promised to make reforms, saying in one blog post that the company would “put people more in control of their privacy.” In June, Consumer Reports analyzed Facebook privacy settings to see whether the company had made it easier for consumers to protect their privacy on the platform.
Our privacy experts found that the design and language used in Facebook's privacy controls nudge people toward sharing the maximum amount of data with the company. We also found a mistake in the design of an ad preferences setting in the iOS, or iPhone, version of the Facebook app.
When iPhone users navigated to the app’s ad preferences menu, they found a setting titled “Ads based on data from partners,” and right below it the words “Not Allowed.” This implied that Facebook would not show those users ads based on data from the mobile apps and websites they had gone to, according to privacy experts at Consumer Reports.
However, if you swiped through a couple more screens, you found a slider to control this setting, switched to “Allowed” by default. That let Facebook use the data to show such targeted ads.
Consumer Reports experts say they welcome the change, but they are calling on Facebook to make further changes to the setting to enhance consumer privacy.
"We are glad that Facebook has fixed the broken default setting on the iOS version of their app" says Katie McInnis, policy counsel for Consumers Union, the advocacy division of Consumer Reports. "However, the current default settings for ad preferences on Facebook are the less privacy-protective options. We urge Facebook and other platforms to make their default settings privacy-protective by design."
Like most websites, CR.org also collects user data. You can get the details in our privacy policy.
