Maybe I'm just ignorant, but I do not really see how this violates the FTC agreement, because it covers Facebook sharing user data (stored/tracked/gathered by Facebook) with third parties.
However, what Facebook did is far worse than violating that agreement. Facebook gained accessed to user data on third party systems, to which they should never have had access. They gained this (unauthorized) access (at best without clear consent) on a false pretense (disguising as security related requirement). Then they imported user data, with no relationship to their stated goal/requirement, into their platform.
Associative contact information is a highly valuable commodity to any company involved in marketing and social media. I've seen a lot of people argue how this could have been the result of a laps of oversight, but that sounds like arguing how a gem stone trader might have "accidentally" stolen a large quantity of rough gem stones, while claiming to not have known their value. Even if theoretically possible, it's extremely unlikely that nobody within Facebook knew/realized the value of this data.
Either way, Facebook gained access to highly valuable assets. Even in the unlikely event of sincere lack of oversight, it would demonstrate a level of incompetence that warrants them to still be held criminally liable.
Moreover, Facebook might actually have outright violated the Computer Fraud and Abuse Act (CFAA), in particular the "access in excess of authorization" part, but I'm not sure.
The FTC complaint lists a number of instances in which Facebook allegedly made promises that it did not keep:
In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public.
They didn't warn users that this change was coming, or get their approval in advance.
Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
Facebook promised users that it would not share their personal information with advertisers. It did.
Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.
In my opinion, Facebook no doubt violated the FTC agreement and pretty much every other promise they ever made. However, that's a different matter. I do not argue against them being punished for that, but this situation appears to be a different kind of case. A violation of the law to be precise, and should be publicly prosecuted accordingly.
What user do, or should do, isn't really a part of this argument. This is about Facebook violating agreements they made with governments or them violating laws. This is a subject of public prosecution. How users should respond is a different matter.
While dropping Facebook and Instagram is easy, WhatsApp is much harder. It's become the main communication medium for many, including a lot of group chats.
While you can abstain, it creates all kinds of awkwardness that I'm not willing to deal with currently.
This is a federal crime as FB is accessing a system that it does not have permission to access. This is the same as you or me hacking into someone else's email. People have gone to jail for a long time for just this crime.
I agree, or so it at least appears. Now we will have to wait and see if the US government (and those of other countries) will actually go after Facebook. They might just do whatever they can to avoid it, either because of their own personal interests (maybe even a corrupt nature), or Facebook's reach might actively bully them out of it (away from the public eye, of course). I don't expect anyone substantial facing consequences for these actions, which says enough in its own right.
And our low expectations are part of the problem. We assume now that large corporations should be able to get away with behavior that would send anyone else to jail.
However, what Facebook did is far worse than violating that agreement. Facebook gained accessed to user data on third party systems, to which they should never have had access. They gained this (unauthorized) access (at best without clear consent) on a false pretense (disguising as security related requirement). Then they imported user data, with no relationship to their stated goal/requirement, into their platform.
Associative contact information is a highly valuable commodity to any company involved in marketing and social media. I've seen a lot of people argue how this could have been the result of a laps of oversight, but that sounds like arguing how a gem stone trader might have "accidentally" stolen a large quantity of rough gem stones, while claiming to not have known their value. Even if theoretically possible, it's extremely unlikely that nobody within Facebook knew/realized the value of this data.
Either way, Facebook gained access to highly valuable assets. Even in the unlikely event of sincere lack of oversight, it would demonstrate a level of incompetence that warrants them to still be held criminally liable.
Moreover, Facebook might actually have outright violated the Computer Fraud and Abuse Act (CFAA), in particular the "access in excess of authorization" part, but I'm not sure.