WASHINGTON, D.C. — U.S. Senators Bob Menendez (D-N.J.) and John Kennedy (R-LA.), both members of the Senate Committee on Banking, Housing, and Urban Affairs, sent a bipartisan letter to Facebook’s CEO, Mark Zuckerberg, expressing their deep concerns regarding reports that Facebook has been courting big U.S. banks, asking for detailed financial information about their customers.

“Data privacy and cybersecurity are more important than ever, and we believe that you owe it to the American people to properly secure the data you currently possess, before you obtain data from a third party,” the Senators wrote. “Less than a year after Americans learned that Cambridge Analytica, gained access to private information on more than 50 million Facebook users, we have concerns that you have not properly secured user data.”

The Senators requested that Facebook respond by October 19th if they have entered into potential data sharing deals with financial institutions and what additional data privacy measures they plan to implement prior to acquiring consumer banking data, if any, among other important questions.

“According to the Wall Street Journal, ‘Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties’ but you nonetheless asked banks ‘for information about where its users are shopping with their debit and credit cards outside of purchases they make using Facebook Messenger,’” they continued. “This raises the question as to what exactly you plan to do with the data.”

Facebook is only one of the companies exposed to this type of breaches. In the year since the Equifax data breach, companies such as Macy’s, Adidas, Sears, Delta Airlines, and Best Buy reported data breaches, exposing millions of consumers’ personal information to malicious actors.

A copy of the letter can be found here and below.

Dear Mr. Zuckerberg,

We write to express our concern regarding recent reports that Facebook has requested large U.S. banks “to share detailed financial information about their customers, including card transactions and checking-account balances”.[1] Data privacy and cybersecurity are more important than ever, and we believe that you owe it to the American people to properly secure the data you currently possess, before you obtain data from a third party.

Less than a year after Americans learned that Cambridge Analytica, gained access to private information on more than 50 million Facebook users,[2] we have concerns that you have not properly secured user data. Last month’s report that hackers successfully breached Facebook, exposing the personal information of close to 50 million users, only serves to exacerbate these concerns.[3] Of course, Facebook is not the only concern. In the year since the Equifax data breach, companies such as Macy’s, Adidas, Sears, Delta Airlines, and Best Buy reported data breaches, exposing millions of consumers.[4] Consumers’ personal information is only as secure as the data security standards of the companies who hold it.

According to the Wall Street Journal, “Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties” but you nonetheless asked banks “for information about where its users are shopping with their debit and credit cards outside of purchases they make using Facebook Messenger”. This raises the question as to what exactly you plan to do with the data. Reportedly, “[b]ank executives are worried about the breadth of information being sought”[5], as they rightly should be. To that end, we seek the following:

1. Information about potential data sharing deals Facebook has entered into or plans to enter into with a financial institution.

2. What if any extra security measures your Facebook plans to implement to ensure that any shared information is scrubbed of personally identifiable information?

3. What steps you plan to take to ensure that users may opt out of having their data shared?

4. What, if any, additional data privacy measures do you plan to implement prior to acquiring consumer banking data?

We appreciate your concern regarding this matter and thank you in advance for a timely response by October 19, 2018.

Sincerely,