Facebook once again came under a lot of fire earlier this year when a couple of vulnerabilities were discovered that allowed hackers to scrape the email IDs of over 530 million users of the platform. Despite this revelation, the company stated that it would not be informing users affected by the data breach. It later went on to share several techniques and processes it employs to prevent unauthorized data scraping. Now, it has shut down Facebook access for the New York University (NYU) Ad Observatory project following the team's repeated violations of privacy regulations.
In a sternly worded blog post, Facebook explained that the aim of the NYU Ad Observatory was to study political ads. However, instead of using Facebook's privacy-protective methods, it resorted to building a browser extension that scrapes data from the platform. Facebook claims that this extension collected data related to usernames, ads, URLs to profiles, and information about "Why am I seeing this ad?". Some of this information is not publicly viewable on Facebook, and collected data from users who had not even installed the extension or consented to data collection.
The company reportedly informed the NYU Ad Observatory of potential privacy violations in the summer of 2020, even before the launch of the tool. In October, it sent a formal notice regarding the matter, giving the entity 45 days to comply. Even after this deadline, Facebook continued to engage with its researchers, but to no avail. Earlier this year, it gave them access to data related to Elections 2020 via the FORT Researcher Platform in a privacy-protective manner, but the project refused to utilize it and continued its activities.
As such, Facebook has now announced that it is effectively shutting down all accounts, pages, apps, and platform access for the NYU Ad Observatory. It went on to say that:
While the Ad Observatory project may be well-intentioned, the ongoing and continued violations of protections against scraping cannot be ignored and should be remediated.
Collecting data via scraping is an industry-wide problem that jeopardizes people’s privacy, and we’ve been clear about our public position on this as recently as April. The researchers knowingly violated our Terms against scraping — which we went to great lengths to explain to them over the past year. Today’s action doesn’t change our commitment to providing more transparency around ads on Facebook or our ongoing collaborations with academia.
Facebook has emphasized that it will continue to work with responsible researchers and give them access to data in a privacy-protective manner when needed, but the concept of "research" cannot be a justification for breaching user privacy.