Last month, a report by The Verge revealed the technical error in Messenger Kids. The app is supposed to require parental permission before kids chat with other users. But a loophole allowed approved users to invite kids to group chats, even if unauthorized users were there too. In response, Facebook reportedly alerted parents to the flaw and shut down group chats created through the loophole.
Markey and Blumenthal want to know how long Facebook knew about the flaw, how long it existed, if all parents have been notified and what measures Facebook will take to prevent similar issues in the future. Because the app is intended for users between the ages of six and 12, it must comply with the Children's Online Privacy Protection App (COPPA). It's unclear if this recent glitch violates COPPA, but privacy experts and advocacy groups previously filed an unrelated complaint with the Federal Trade Commission (FTC). They claim that Messenger Kids collects children's personal information without clear disclosures or parental consent.
Facebook is not the only tech company struggling to protect children's privacy. Both Google and TikTok have been slapped with multimillion dollar fines for violating COPPA. This spring privacy advocates filed a complaint alleging that Amazon stores kids' conversations and data even after parents attempt to delete it. Whether or not Facebook is fined for this Messenger Kids flaw or other potential COPPA violations, it will need to do a better job protecting children's privacy if it wants to fulfill its "future is private" promise.
Engadget has reached out to Facebook for comment.
Update 8/7/2019 10:40AM ET: This story has been updated to reflect that the issue was caused by a technical error, not a design flaw.