The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) want the Federal Trade Commission (FTC) to examine the new alliance between Facebook and Datalogix.
Datalogix bills itself as a specialist in “purchase-based audience targeting.” According to its DLX database apparently contains shopping-related data on more than 100 million U.S. households, in addition to $1 trillion in consumer spending “including coverage across 1200+ retailers.”
According to the Financial Times, Facebook and Datalogix have teamed up to measure the effects of some 45 marketing campaigns so far, with the two companies matching consumer information from loyalty-card programs to the identifiers (such as email addresses) used to set up Facebook accounts. Combining those datasets could offer insight into whether consumers are actually heading out and buying certain products or services advertised on Facebook.
While the two companies apparently strip personal information from the datasets, EPIC and CDD nonetheless have significant concerns over how that data is handled, and by whom.
“Facebook is matching the personal information of users with personal information held by Datalogix,” EPIC wrote in a Sept. 27 posting on its Website, hinting that such a deal could violate the social network’s previous agreement with the FTC prohibiting it “from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users’ personal information.”
On its Website, EPIC offered a more extensive breakdown of its argument. “EPIC said that Facebook had omitted nearly all information about the partnership with Datalogix, and noted that the prohibition on ‘sharing’ was not well-defined,” it wrote. “Finally, EPIC explained that Datalogix’s method of opting out was confusing and ineffective.”
For its part, the Center for Digital Democracy had concerns not only about Facebook’s relationship with Datalogix, but also the latter’s affiliates, including Admeld, Audience Science, Lotame, and many others (a complete list is available on its Website).
“Facebook did not attempt to notify users of its decision to disclose user information to Datalogix,” the organization co-wrote (along with EPIC) in a letter to the FTC. “Neither Facebook’s Data Use Policy nor its Statement of Rights and Responsibilities adequately explains the specific types of information Facebook discloses, the manner in which the disclosure occurs, or the identities of the third parties receiving the information.”
Moreover, the letter continued, Facebook only mentions Datalogix once in those documents. “The Consent Order’s prohibition on misrepresentations includes misrepresentations by omission.” And that, the organizations feel, opens Facebook to an investigation in whether it failed to disclose its use of information in ways that violate that consent order.
In a statement quoted by The Hill and other publications, Facebook said it was “confident that we are in compliance with our legal obligations.”