Facebook can gain direct access to a person’s mobile and take pictures or make videos at any time without explicit consent, MPs warn as they call on social media companies to simplify their terms and conditions.
The MP said that they should simplify the conditions of using their services, which are designed for US courts, because they are so impenetrable that “no reasonable person” can be expected to understand them.
The MPs on the Science and Technology select committee called for the Government to draw up new guidelines for websites and apps explaining clearly how they use personal data, warning that laws will be needed if companies fail to comply.
The committee highlighted terms for Facebook Messenger’s mobile app, used by more than 200,000 million people a month, that means it can gain direct access to a mobile or tablet, including to take pictures or make videos, at any time without explicit confirmation from the owner.
MPs also pointed to criticism of the company earlier this year after it carried out a psychological experiment that recorded users’ moods as news feeds on the social network were manipulated.
Andrew Miller MP, the committee’s chairman, said: “Facebook’s experiment with users’ emotions highlighted serious concerns about the extent to which, ticking the terms and conditions box, can be said to constitute informed consent when it comes to the varied ways data is now being used by many websites and apps.
“Let’s face it, most people click yes to terms and conditions contracts without reading them, because they are often laughably long and written in the kind of legalese you need a law degree from the USA to understand.
“Socially responsible companies wouldn’t want to bamboozle their users, of course, so we are sure most social media developers will be happy to sign up to the new guidelines on clear communication and informed consent that we are asking the Government to draw up.”
He added: “A line also needs to be drawn between the information that apps actually need to provide a service and the kind of personal information they often request when registering new users, information that is becoming increasingly valuable in our networked society.
“I hope that a voluntary system of guidelines can work, because, if not, legislation might be needed.”
The committee also criticised the Government’s handling of plans to compile patients’ medical records on a centralised database under the controversial care.data project, which sparked concerns from patients’ rights groups and doctors over privacy.
It said the project was “a clear example where this trusted relationship failed to develop”.
A Facebook declined to comment. But a source said: “We recently updated our terms and policies to make them simpler and easier to read.
“We also launched a new site to help people understand how they can
control their Facebook experience e.g using their privacy settings, tagging people.
“On the broader data use point then worth flagging that Facebook has been subject to a full and thorough review of our data protection and privacy policies by the Irish Data Protection Commissioner in 2011 and then 2012.
“The Data Protection Commissioner noted that Facebook had implemented the Recommendation of the DPC as set out in the Audit report and indeed in many instances went beyond some of their initial
recommendations and are fully committed to best practice in data protection compliance.”