Facebook’s use of Onavo spyware faces questions in EU antitrust probe — report
Facebook’s use of the Onavo spyware VPN app it acquired in 2013 — and used to inform its 2014 purchase of the then rival WhatsApp messaging platform — is on the radar of Europe’s antitrust regulator, per a report in The Wall Street Journal.
The newspaper reports that the Commission has requested a large volume of internal documents as part of a preliminary investigation into Facebook’s data practices, which was announced in December.
The WSJ cites people familiar with the matter who told it the regulator’s enquiry is focused on allegations Facebook sought to identify and crush potential rivals and thereby stifle competition by leveraging its access to user data.
Facebook announced it was shutting down Onavo a year ago — in the face of rising controversy about its use of the VPN tool as a data-gathering business intelligence dragnet that’s both hostile to user privacy and raises major questions about anti-competitive practices.
As recently as 2018 Facebook was still actively pushing Onavo at users of its main social networking app — marketing it under a “Protect” banner intended to convince users that the tool would help them protect their information.
In fact, the VPN allowed Facebook to monitor their activity across third-party apps — enabling the tech giant to spot emerging trends across the larger mobile ecosystem. (So, as we’ve said before, “Protect Facebook’s business” would have been a more accurate label for the tool.)
By the end of 2018 further details about how Facebook had used Onavo as a key intelligence lever in major acquisitions emerged when a U.K. parliamentary committee obtained a cache of internal documents related to a U.S. court case brought by a third-party developer which filed suit alleging unfair treatment on its app platform.
U.K. parliamentarians concluded that Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, apparently without their knowledge — using the intel to assess not just how many people had downloaded apps but how often they used them, which in turn helped the tech giant to decide which companies to acquire and which to treat as a threat.
The parliamentary committee went on to call for competition and data protection authorities to investigate Facebook’s business practices.
So it’s not surprising that Europe’s competition commission should also be digging into how Facebook used Onavo. The Commission also has been reviewing changes Facebook made to its developer APIs that affected what information it made available, per the WSJ’s sources.
Internal documents published by the U.K. parliament also highlighted developer access issues — such as Facebook’s practice of whitelisting certain favored developers’ access to user data, raising questions about user consent to the sharing of their data — as well as fairness vis-à-vis non-whitelisted developers.
According to the newspaper’s report, the regulator has requested a wide array of internal Facebook documents as part of its preliminary investigation, including emails, chat logs and presentations. It says Facebook’s lawyers have pushed back — seeking to narrow the discovery process by arguing that the request for info is so broad it would produce millions of documents and could reveal Facebook employees’ personal data.
Some of the WSJ’s sources also told it the Commission has withdrawn the original order and intends to issue a narrower request.
We’ve reached out to Facebook and the competition regulator for comment. Update: In a statement attributed to its associate general counsel, Timothy Lamb, Facebook said: “We are committed to cooperating with regulators on enquiries about the competitive landscape in which we operate.”
The Commission declined to comment on the WSJ’s report.
Back in 2017 the European Commission fined Facebook $122 million for providing incorrect or misleading information at the time of the WhatsApp acquisition. Facebook had given regulator assurances that user accounts could not be linked across the two services — which cleared the way for it to be allowed to acquire WhatsApp — only for the company to u-turn in 2016 by saying it would be linking user data.
In addition to investigating Facebook’s data practices over potential antitrust concerns, the EU’s competition regulator is also looking into Google’s data practices — announcing a preliminary probe in December.