My Cart



Facebook Privacy Policy Audits 2012-2017 via FTC FOIA

Donate to Mad Dog

Posted on May 02 2018


FTC v Facebook previously discussed, here

FTC v Facebook consent decree, here

Facebook meets certified class, here

Facebook meets Cook County lawsuit, here


Pursuant to the July 2012 Order...



...Facebook SHALL submit to an Audit..

Part IV of the Order:

“requires Facebook to establish and implement, and thereafter maintain, a comprehensive privacy program that is reasonably designed to (1) address privacy risks related to the development and management of new and existing products and services for consumers, and (2) protect the privacy and confidentiality of covered information. “

Part V of the Order;

“requires Facebook to obtain initial and biennial assessments and reports (“Assessments") from a qualified, objective, independent third-party professional, who uses procedures and standards generally accepted in the profession. Facebook engaged has engaged Pricewaterhouse Cooper LLP ("PwC") to perform the independent assessment.’

🚨”As described on pages 6-14, Facebook established its privacy program by implementing privacy controls to meet or exceed the protections required by Part IV of the Order.”


🚨”As described on pages 15-18, PwC performed inquiry, observation, and inspection/examination procedures to assess the effectiveness of the Facebook privacy controls implemented to meet or exceed the protections required by Part IV of the Order during the two years ended February 11, 2017, and our conclusions are on pages 4-5.”

Page 4, see last paragraph:

“In our opinion, Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information and that the controls have so operated throughout the Reporting Period, in all material respects for the two years ended February 11, 2017, based upon the Facebook Privacy Program set forth in Management's Assertion.” 

I will admit when I read that last paragraph of the “Executive Report” I may have rolled my eyes, hard-ish that I gave myself a raging headache. Notwithstanding this PWC Audit/Report actually matters because the time period in question is the EXACT time frame in which Cambridge Analytica “improperly obtained” user data. And any “investigation” the FTC may underttake, could be undercut by the data in their privacy Audit. You can read the 2015/2017 Facebook Privacy Audit, here.

Also we as in the general public would have be unable to review these audits, if it were not for numerous News Organizations that filed multiple FOIA request. So for that I am grateful for our press, they help let the sunshine in.

This is the main FTC FOIA page regarding Facebook’s Privacy Contriols audits, perhaps the Media could submit FOIA request for Twitter’s audits. Because I am unable to actually find any of the mandatory audits for twitter. Link to FTC Facebook FOIA page, here

Basically this audit could give Facebook ample cover to argue:


”see we didn’t do anything wrong, mea culpa”



Conversely I’d like for you to read Facebook’s “assessment” pages 6 thru 14 but specifically pages 8 & 9, sections entitled:

A. Responsibility for the Facebook Privacy Program (page 8)


B. Privacy Risk Assessment (page 9) 

Which reads in part:

“...Facebook identifies reasonably foreseeable, material risks, both internal and external, that could result in Facebook's unauthorized collection, use, or disclosure of covered information, and assesses the sufficiency of any safeguards in place to control these risks. As part of this process, members of the Privacy Governance Team consider risks in relevant areas of Facebook's operations. These areas include governance, product design, engineering (including product development and research), community operations (including third-party developers}, advertising, awareness and training, employee management, and security”


As you read these audits, understand that there’s plennty of blame to go around and as unpopular as this sounds, yes the FTC may have some fault. Although if the FTC took PWC & Facebook on their word then, yes of course the FTC has limited exposure. In the end the majority of the blame & responsibility ultimately falls (as if should) to Facebook.


Remember Facebook was “aware” of the misappropriation of their user data for almost two years and they did nothing. No litterally they did nothing. So their feigned apology, not accepted, return to sender.


For historical and transparency, the FTC recently uploaded Facebook’s November 2012 Audit, Link here


Facebook Initial-Privacy Audit 2012/2013

Surprise 3 out of 3 Audits largely boilerplate, although this intital Audit has a lot of data that the following two audits lack. Link to FTC v Facebook 2012 Privacy Audit, here

Facebook Privacy 2013/2015 Audit


And not so surprisingly you betcha PWC & Facebook second audit appears to be largely a cut & pasted from their 2012. I mean come on? Link to the FTC audit, here 

Apology NOT accepted

Mark, 3 years?


View on YouTube

While you're here, throw us a bone.

Mad Dog is thrilled to have Spicy in our PAC(k). We are proud to provide a space for her tireless, hard hitting, in-depth investigations. But we can’t do it without you.

Our numbers are growing. Our voices are being heard. Our campaigns are making a difference. Help us, and Spicy, continue to fight the good fight. Consider a donation to help support the work of Mad Dog PAC today.



Leave a comment

All blog comments are checked prior to publishing