Facebook’s data governance has once again been called into question amid allegations that its Instagram division allowed a US start-up to collect highly personal data on millions of its users without their consent or knowledge.
The company has now sent a cease and desist letter to marketing firm HYP3R, which had passed Instagram’s vetting procedures – following an investigation by Business Insider magazine.
The firm has not yet revealed exactly how many users have been affected, and claims it is still investigating the scale of the issue, but it could potentially be another “Cambridge Analytica” moment for the brand.
While all of the data obtained by HYP3R came from public profiles, the investigation has exposed that even content shared to Stories – which is supposed to disappear within 24 hours – may instead have been gathered by HYP3R. It could also hone in on specific locations where users had posted content.
In a statement, Facebook reiterated that the start-up went broke its policies and has since been banned. It said: “HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way.”
However, HYP3R denies it has broken any Instagram rules in the way it gathered data.
‘Teflon Facebook’ to recruit its first chief privacy officer
Lewis: ‘It shouldn’t have taken me to tackle Facebook’
$5bn Facebook fine blasted as ‘just a slap on the wrist’
Canadians take the lead to subpoena Facebook top dogs
Facebook back in dock as Canadians begin legal action
Facebook buckles over EC data transparency demands
Facebook privacy scandal has been ‘a force for good’