Online Groups to Facebook: Immediately Alert the 87 Million Users Whose Data Was Secretly Taken by Cambridge Analytica

Today, a coalition of grassroots online advocacy groups announced they have gathered more than 200,000 petition signatures calling on Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg to immediately alert all Facebook users whose personal data was compromised by Cambridge Analytica.

The announcement amid new revelations from Facebook that raised the estimate of users whose data had been taken to 87 million, up from an earlier count of 50 million.

The groups, Demand Progress, CREDO Action, and Daily Kos, noted that nearly three weeks into the media firestorm surrounding Facebook and Cambridge Analytica - and three years after Facebook learned of the situation - no users have been notified if their personal data was affected.

"This is a crisis of trust. Mark Zuckerberg needs to demonstrate that Facebook users' wellbeing - not Facebook's profit line - is the company's number one priority." said Kurt Walters, campaign director at Demand Progress. "Facebook must stop the foot-dragging and immediately alert everyone whose personal data was compromised by Cambridge Analytica or other third parties."

A whistleblower account in the Guardian and New York Times on March 17 revealed 50 million Facebook users' personal information had been taken by a company linked to Cambridge Analytica and employed in campaigns such as Donald Trump's presidential campaign and pro-Brexit efforts in the United Kingdom. The firm's CEO claimed this Facebook data was its "secret sauce" helping both campaigns win.

Additionally, the groups note that Zuckerberg's on-record statements imply that Facebook does not plan to actively notify affected users. Instead, Zuckerberg suggested Facebook may merely create a lookup tool that users would have to learn about, find, and use on their own. In that case, dramatically fewer users would be informed.

"We are outraged that Steve Bannon's company got to improperly use the Facebook data for 87 million users and that no one found out about this until three years later," said Paul Hogarth, Campaign Director of Daily Kos. "What Facebook has done so far is too little, too late. Daily Kos demands that Facebook directly and specifically notify the users whose privacy was compromised."

Given the lengthy period without transparency, the groups called on Facebook to publicly respond to the following questions:

1) Will you actively notify the 87 million users whose personal data was secretly taken by Cambridge Analytica, using a clear alert such as an email, push notification, item in the Notifications tab, or notice at the top of the News Feed?
 
2) Will you actively notify all users whose personal data was secretly taken by other third parties, using a clear alert such as an email, push notification, item in the Notifications tab, or notice at the top of the News Feed?
 
3) Will these notifications contain or link to a clear explanation of what personal data was compromised for these users?
 
4) By what date will you send these notifications?

A full copy of the letter sent earlier today to Facebook from Demand Progress Executive Director David Segal containing these questions is available here.
 
"It's unacceptable that Facebook knew for as many as three years that Cambridge Analytica had used its platform to steal data from tens of millions of users," said Kaili Lambe, Organizing Director at CREDO. "Facebook should have done the right thing then and warned users about the data breach before the 2016 election," Lambe continued. "As the number of affected users keeps growing, it is far past time for Facebook to come clean about the breach and notify everyone affected."

Late today, Facebook posted an update that the number of users whose data was compromised by Cambridge Analytica was substantially larger than estimated earlier, 87 million. They also included a statement that Facebook would provide users with a link to information about apps they had shared data with, although it was not immediately clear whether these would be fully responsive to the groups' questions.

The coalition groups are frequently engaged on issues essential to upholding the open internet and protecting digital rights, from saving net neutrality to reining in warrantless wiretapping. Their petitions are available here:

Demand Progress - https://act.demandprogress.org/sign/tell-facebook-notify-50-million-users-whose-personal-info-was-secretly-taken-trump-consultants-cambridge-analytica/
 
CREDO Action - https://act.credoaction.com/sign/facebook_cambridge_analytica
 
Daily Kos - https://www.dailykos.com/campaigns/petitions/sign-the-petition-facebook-must-come-clean-to-its-users-whose-data-was-stolen

One of the participating groups, Demand Progress, is also helping coordinate a campaign urging technology companies including Facebook, Google, and Microsoft to adopt the Security Pledge, a five-step plan to strengthen protections of user privacy. More information about the Security Pledge is available at https://securitypledge.com/