As an independent nonprofit watchdog, the International Digital Accountability Council (IDAC) seeks to identify risks and harms in the digital ecosystem, and then resolve them as early as possible.
Sometimes, that means we educate developers on what not to do to help them use best practices like privacy by design and data minimization. Or, when education does not work, IDAC privately informs developers when our investigations and research show that they may be falling short of best practices. In the first few months of our work, we have had several successes working directly with developers around our concerns, leading to quick resolutions that have improved data practices, such as with a COVID-19 symptom checker app and a popular health and fitness app.
Of course, some problems aren’t so easy to resolve. In more serious cases, the harm is so severe or the practices are so bad that it is necessary to inform law enforcement, platforms, and the public right away. For example, when IDAC and our partners at Good Research and AppCensus learned that a fertility app was sharing user information with a third party without disclosure, we made a formal referral to the Federal Trade Commission (FTC) and the Illinois Attorney General, to make sure that steps could be taken right away to protect consumers.
Many of the problems in the digital ecosystem lie somewhere between these operating principles. In many cases, the most effective strategy IDAC uses is to work with platforms to help them to monitor and resolve external data misuse happening on their platforms. By educating their developer partners about best practices and enforcing their terms of service and relevant data policies, platforms are often in the best position to ensure that third party developers are following the rules and preventing data misuse that can cause risks and harms to consumers and other users.
That’s why IDAC is pleased to announce that it is entering into a new agreement with Facebook setting out a series of protocols for IDAC and Facebook to work together to identify and resolve external data misuse on Facebook’s platform.
Under this agreement, IDAC will have a direct line to Facebook’s investigations teams so that IDAC can share evidence of potential data misuse and Facebook can then offer assistance in investigating specific cases, where appropriate.
This agreement will assist IDAC and Facebook as they work to (1) identify potential threats to data privacy in the digital ecosystem; (2) educate stakeholders on data privacy trends and best practices; and (3) investigate and report on specific instances of data misuse committed by different actors in the digital ecosystem.
The agreement protects IDAC’s independence as a nonprofit watchdog and lays out the process by which IDAC can bring concerns to Facebook’s attention and request further information or assistance in working with developers to prevent or resolve problems that may violate Facebook’s terms of service and relevant data policies or depart from best practices.
The collaboration is a two-way street. Under this agreement, Facebook will also work with IDAC to proactively identify potential data privacy threats in the ecosystem and develop mitigation strategies to address them as early as possible.
We are looking forward to rolling up our sleeves and furthering our work to prevent misuse of user information, promote trust in the privacy, security, and safety practices of all participants in the digital ecosystem, and promote shared responsibility for the protection of online privacy.