NEW YORK (AP) — Several phone apps are sending sensitive user data to Facebook, including health information, without users’ consent, according to a report by The Wall Street Journal.
An analytics tool called “App Events” allows app developers to record user activity and report it back to Facebook, even if the user isn’t on Facebook, according to the report .
Facebook did not immediately respond to a request for comment. It told the Journal that some of the data-sharing appears to violate its business terms. The company says it requires app developers to be clear with users about what they share.
The development comes as Facebook is dealing with increased scrutiny over how it handles user data. Last week, British lawmakers issued a scathing report calling for tougher privacy rules for Facebook and other tech firms.
Criticisms over privacy intensified nearly a year ago following revelations that the now-defunct Cambridge Analytica data-mining firm accessed data on some 87 million Facebook users without their consent. The U.S. Federal Trade Commission has been investigating that flap as well and is reportedly in negotiations with Facebook over a multibillion dollar fine.
Hours after the Journal story was published, New York Gov. Andrew Cuomo directed the state’s Department of State and Department of Financial Services to “immediately investigate” what he calls a clear invasion of consumer privacy. The Democrat also urged federal regulators to step in to end the practice.
The data-sharing is related to a data analytics tool that Facebook offers developers. The tool lets developers see statistics about their users and target them with Facebook ads.
According to the Journal, Instant Heart Rate: HR Monitor; Flo Health, which tracks a woman’s period and ovulation; and real-estate app Realtor.com were among the apps that sent data to Facebook. The Journal found that the apps did not provide users any way to stop the app from sending their information to Facebook.
Flo Health said in an emailed statement that using analytical systems is a “common practice” for all app developers and that it uses Facebook analytics for “internal analytics purposes only.” But the company plans to audit its analytics tools to be “as proactive as possible” on privacy concerns.