What is the timeline of the Facebook data privacy scandal?
Facebook has more than a decade-long track record of incidents highlighting inadequate and insufficient measures to protect data privacy. While the severity of these individual cases varies, the sequence of repeated failures paints a larger picture of systemic problems.
In 2005, researchers at MIT created a script that
downloaded publicly posted information of over 70,000 users from four schools. (Facebook only began to allow search engines to crawl profiles in September 2007.)
In 2007, activities that users engaged in on other websites was automatically added to Facebook user profiles as part of Beacon, one of Facebook's first attempts to monetize user profiles. As an example, Beacon indicated on the Facebook News Feed the titles of videos that users rented from Blockbuster Video, which was a violation of the
Video Privacy Protection Act. A
class action suit was filed, for which
Facebook paid $9.5 million to a fund for privacy and security as part of a settlement agreement.
In 2011, following an FTC investigation, the company entered into a consent decree, promising to address concerns about how user data was tracked and shared. That investigation was prompted by an incident in December 2009 in which information thought private by users was being shared publicly, according to
contemporaneous reporting by The New York Times.