The Federal Trade Commission has received a complaint that accuses Facebook for not protecting sensitive health data in groups. Released publically today, the complaint says that Facebook improperly disclosed information on members of closed groups. Last year, a women’s group called BRCA who deal with gene mutation found that sensitive information like names, addresses, emails, etc. could be downloaded manually or through a Chrome extension.
When the BRCA group brought the issue to notice, Facebook made the required changes and ended the practice. Facebook had also announced that the decision wasn’t related to the BRCA group’s concerns only and the “ability to view the data was not a privacy flaw.” The social media giant also pushed the option for secret groups that come with limited discoverability and are harder to join.
However, BRCA advocates and a security researcher filed a complaint to the FTC that it was indeed a breach of cybersecurity. They said that Facebook had clearly not mentioned that part of a member’s personal information would be given up when they joined a group.
The complaint also argues that Facebook has made it too easy for members to gain information about others in the group as well. Although there have been changes made, the ability to view personal information is ever present on the platform. Facebook hasn’t commented on the complaint; right now, it’s busy dealing with a multibillion-dollar fine with FTC over security and privacy lapses.