Policymakers around the world are sounding the alarm about a recent Wall Street Journal report that apps as wide ranging as a menstrual cycle tracker and heart rate monitor are sending intimate data - such as pregnancy status or body weight -- to the social network without clearly disclosing the practice to users.
New York Gov. Andrew Cuomo, D, on Friday called for a probe into whether Facebook is "secretly accessing personal information." As he directed the New York Department of State and other state agencies to open an investigation, he also called on federal regulators to "to step up and help us put an end to this practice and protect the rights of consumers."
"New Yorkers deserve to know that their personal information is safe, and we must hold Internet companies - no matter how big - responsible for upholding the law and protecting the information of smartphone users," Cuomo said in a statement on Friday.
But the scrutiny likely won't stop in New York: Washington lawmakers will likely have questions about the data-sharing practices exposed in the story as both the House and Senate host hearingsthis week focused on developing federal privacy legislation.
Sen. Ron Wyden, D-Ore., said in a statement that he wants to see the Federal Trade Commission expand its existing investigation to include how Facebook is collecting data from these smaller companies. (The social network is already negotiating with the FTC over a multibillion-dollar fine in response to an investigation into the Cambridge Analytica scandal, in which a political firm tied to President Donald Trump obtained Facebook users' data without their consent.)
He also said the Journal's findings underscore the need for "strong privacy legislation with teeth."
"I'm sick of hearing Facebook make excuses for its repeated privacy invasions," Wyden said.
It's possible other states beyond New York could investigate the company's collection of data from other apps. After the Cambridge Analytica scandal last year, multiple states opened their own investigations into Facebook.
It also comes as many state lawmakers are trying to pass privacy legislation of their own. Marc Levine, D, a California Assembly member, said the Journal report emphasized the need for legislation that compels data brokers to tell people how much their information is worth:
The regulatory fallout could also extend beyond U.S. borders. The Journal reported some of the data sharing practices it uncovered could be in violation of Europe's broad new privacy law, the General Data Protection Regulation. Regulators and lawmakers in Europe have been actively investigating Facebook for other privacy transgressions, and this month a committee in the United Kingdom's Parliament released a report calling Facebook a "digital gangster."
Damian Collins, chair of the committee that prepared that report, said the report shows how "totally out of control the system is."
The Journal found that at least 11 common smartphone apps, which have tens of millions of downloads combined, shared data with Facebook to use a Facebook analytics tool for advertising. The tool let developers measure app usage and potentially target people with personalized ads. Many of the apps were health and wellness apps, such as the Flo Period and Ovulation Tracker, which sent menstruation information to Facebook that could be matched to a user's device or profile via a unique identifier. Facebook could potentially could advertise to people based on their sensitive health details.
In another report Sunday evening, the Journal found that many of these apps were "scrambling" to stop sharing this sensitive data with Facebook. At least four of the apps - including Flo - had stopped sharing sensitive data with Facebook. The changes came after Facebook itself contacted some developers in response to Friday's report and told them it prohibited them from sending Facebook sensitive information.
Many on social media said the Journal's findings put a spotlight on just how broad the tech industry's data practices have become.