A Japanese government body on Monday directed Facebook to be more transparent and strengthen guards on personal information, following European authorities in pushing back against the social networking giant as hacks and its own tools leave data exposed.
The Personal Information Protection Commission's warning, which did not accuse the company of violating any laws, focused on how users can inadvertently have their data sent to Facebook through external sites displaying its "like" button. It also faulted Facebook's responses to a major data leak through a third-party app and another through a hacking attack uncovered last month.
When pages such as news sites and company homepages display Facebook's "like" and other buttons using its so-called social plugins, visiting users' browsing history and other information can be sent to the social network regardless of whether they click on the buttons. Facebook's efforts to explain the "like" button issue -- which have only extended to such steps as revising its user agreements -- are unlikely to sufficiently explain the problem to the average user, the commission said.
In March, the commission alerted internet users and website operators using the buttons about the issue, but Monday's announcement held Facebook responsible for explaining the problem. Although other social networks -- such as Line, a messaging platform widely used in Japan -- offer similar plugins, the agency said it warned only Facebook because the site requires users to register with their real names, so its data can very likely be tied to personal information.
The commission also told the company to be thorough in monitoring third-party Facebook apps. In March, it was revealed that data relating to as many as 87 million users was obtained through a Facebook app by Cambridge Analytica, a U.K.-based consulting firm with ties to the 2016 electoral campaign of U.S. President Donald Trump.
Facebook was also directed to notify users who had been affected by a large-scale hack the company announced in September, saying the personal information of 29 million users had been accessed. The commission also told the social network to report on efforts to investigate the root of the problem and prevent it from happening again. European and American authorities are also probing the matter.
The highly independent commission, which was established in January 2016, has the authority to conduct raids and issue advisories or orders. But for overseas-based companies, it can only issue advisories and cannot impose fines or other penalties.
Facebook's Japanese arm said Monday it would "remain committed" to privacy protections, though no new concrete steps were specified.
The company has been slow to address privacy issues in Japan. Though the Cambridge Analytica leak was uncovered in March, the social network's Japanese unit only held an event to explain the matter last week. It has not yet made clear whether Japanese consumers were affected in the hack uncovered last month.