(CN) – An audit looking into Facebook’s privacy and security practices cleared the company of wrongdoing despite continued attention on the Cambridge Analytica scandal, throwing into question the effectiveness of such audits.
PricewaterhouseCoopers compiled the 53-page audit, with the Federal Trade Commission releasing the heavily redacted document on Friday.
“In our opinion, Facebook’s privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of covered information,” the auditors wrote.
Audits such as the one released Friday are performed twice a year, as stipulated by a settlement between Facebook and the FTC entered into in 2011.
In 2011, the FTC investigated the social media giant and determined the company was being deceptive in communications to users about how the company managed user privacy.
However, the latest audit and the fact that the FTC failed to detect the Cambridge Analytica data scrape has raised questions about the effectiveness of its oversight.
Friday’s audit mirrors Facebook’s own explanations regarding how an electoral data-mining firm obtained private data from millions of users and then deployed it in favor of President Donald Trump’s campaign and the Brexit movement.
Specifically, auditors say Facebook’s analysis of privacy risk and efforts to protect user data in the period dating from February 2015 to February 2017 were adequate.
Cambridge Analytica allegedly obtained the data from a third-party app developer who used a personality quiz to gain information in 2015 about participants and people in their network of friends.
Facebook says it has since strengthened security protections around third-party apps, an assertion the audit appeared to bolster.
But cyberlaw attorney Megan Gray recently published a paper saying the FTC’s role as privacy cop leaves much to be desired and misleads consumers into thinking someone is guarding their privacy interests.
“Careful review … shows the audits are woefully inadequate,” Gray wrote.