Facebook has started blocking sensitive health information that third-party apps had been sharing with the social network in violation of its own rules, said New York officials who investigated the situation.
“Facebook instructed app developers and websites not to share medical, financial, and other sensitive personal consumer data but took no steps to police this rule,” state financial services superintendent Linda Lacewell said in a release.
“By continuing to do business with app developers that broke the rule, Facebook put itself in a position to profit from sensitive data that it was never supposed to receive in the first place.”
User information from apps is regularly shared with Facebook through a tool that offers developers free analysis of data to help guide improvements to apps, according to the investigation launched last year.
“Our policies prohibit sharing sensitive health information and it’s not something we want,” a Facebook spokeswoman said in response to an AFP inquiry.
“We have improved our efforts to detect and block potentially sensitive data and are doing more to educate advertisers on how to set-up and use our business tools.”
Investigators cited the example of a Flo Health app for menstruation and fertility tracking used by more than 100 million people informed Facebook each time a user logged starting her period or noted intention to get pregnant.
“Large internet companies have a duty to protect the privacy of their consumers — period,” New York Governor Andrew Cuomo said in the release.
Such sharing violated Facebook policy, but went unchecked by the California-based internet giant, investigators concluded.
Facebook created a list of terms blocked by its systems and has been refining artificial intelligence to more adaptively filter sensitive data not welcomed in the analytics tool, according to the report.
The block list contains more than 70,000 terms, including diseases, bodily functions, medical conditions, and real-world locations such as mental health centers, the report said.
The report endorsed a data privacy law proposed in the state by the governor that would expressly protect health, biometric, and location data as well as create a Consumer Data Privacy Bill of Rights.