Facebook has been accused of failing to protect sensitive health data of users in its groups.
“Facebook has marketed this product as a Personal Health Record and it then leaked the health data that those patients uploaded to the public,” a complaint filed with the Federal Trade Commission (FTC) noted on Monday.
The issue was first noticed in July, when members of a women’s group with a gene mutation discovered how easily the names and email addresses of members could have been downloaded in bulk, either manually or through a Chrome extension, The Verge reported.
At that time, the social networking giant reportedly claimed to have made changes to “Groups” that ended the practice and emphasised on the option for join “Secret Groups” – that are, although difficult to join, but have a more limited discoverability.
However, the complaint highlights that public sharing of privately posted personal health information is in violation of the law, which is a serious problem with Facebook’s privacy implementation methods.
“Facebook has ignored our requests to fix the specific issues we have identified to the company, and denies publicly that any problem exists. All of this represents unfair, deceptive and misleading interactions between Facebook and its users in violation of the FTC act,” the complaint added.
The complaint, which was filed by a security researcher and others, argues that Facebook has failed to make clear what personal information users might be giving up when they join a group.
Facebook is already negotiating a multibillion-dollar fine with the FTC over privacy lapses, The Verge said.
The company has not given any official statement on the subject as yet.