MENÚ
After detecting a network of fraudulent Facebook pages that impersonate public transport services in 47 Spanish cities to steal users' personal and credit card data, we have now put to test the reporting mechanisms that platforms such as Meta must have in place according to the European Digital Services Act (DSA) so that users can report the presence of illegal content that, again according to the same law, must be deleted. We have reported 58 unlawful posts and, a week later, more than 93% were still available on Facebook.
We also wanted to compare how the DSA mechanisms to report illegal content work in comparison to the system that Meta has in place for its users to report violations of its own internal rules, specifically the terms of Service on Fraud and Scams. We reported half of the fraudulent posts one way and the other half the other, and found that Meta only deleted 6.8% of the posts reported as illegal, but eliminated 17% of those reported as contrary to its internal rules. Meta was actually more mindful in applying its own rules than in following its legal obligations in the EU.
Particularly worrying, out of the 58 fraudulent posts reported as illegal content between June 9 and 10, Meta has not been able to even provide any response in 8.6% of cases after one week. Its initial response was always not to delete the illegal post: only after appealing those first decisions we succeeded in getting Meta to back down and acknowledge that at least that 6.8% had to be removed in accordance with the law. A figure still far from its legal obligations.
The appeal process, even with somewhat better results, reveals a serious problem of responsiveness on the side of Meta. Five days after our appeals, 62% of those had not been decided upon. Although the DSA only specifies that decisions must be issued with “no undue delay”, for example in the EU Code of Conduct on Unlawful Hate Speech tech companies commit to act against this type of illegal content in less than 24 hours.
Also of concern is Meta’s failure to comply with the standards DSA lays down for communications to users who report the presence of illegal content. The law specifies that the platform must include information about the use of any “automated means” but in this case, at least 56% of Meta's initial responses following our flags contain clear indications of automation and no warnings about it.
Unpunished scammers and red flags
Beyond Meta's response, the complete lack of consequences for the authors of the illegal posts is striking. Of the 55 Facebook pages identified as impersonating public transport companies to carry out scams, 98% remain accessible one week after the report. Even in cases where Meta has deleted content from these pages for scamming, these are still active and ready to be reused in the scamming campaign.
This lack of response is even more surprising because many warning signs about the scam were easily identifiable, even without our complaints: 65% of pages had had ads removed or their account suspended for violating Meta's own advertising rules and 41% of those pages that, in theory, are public transport systems in Spain, have administrators who are listed in countries outside the European Union, according to Meta’s own data.
Another clear indicator of coordination is the use of almost identical texts and the fact that some posts seem to be versions of the same text with customizable fields in which only the city or the specific name of the transport card is edited.
These scams related to public transport cards seem even more serious because they affect public institutions. Some have been warning about this for years and the impersonation by scammers of Facebook continues to occur. To give just a few examples, public transport companies such as the one managing the system in Barcelona or cities like Sanlúcar de Barrameda (Cádiz).
A recurring scam that breaks both the law and the rules of Meta
The DSA requires Meta to delete illegal content and there is no doubt that these posts are illegal in Spain, according to the experts consulted. Samuel Parra, lawyer specializing in technology law, states that this constitutes misleading advertising according to the General Advertising Law because "the identity of a transport company is impersonated with the sole intention of causing a displacement of assets in the victim." Furthermore, it fails to comply with data protection regulations "because personal data is being collected “unfairly and for an illegal purpose”.
Elena Gil, lawyer specializing in Big Data, agrees with this, adding that the fraudulent posts also violate the Consumer Protection Act in Spain which requires “clearly identifying who the company is” in such an advertisement. It could even constitute a crime of fraud according to the Spanish Penal Code depending on the amount of the scam.In this sense, a federation of consumer representative organizations CECU points to Maldita.es that "the assumptions presented here are not only misleading, but they are outright scams and therefore, the provisions of the Penal Code for this crime would come into effect.”
As if this were not enough, the presence of this type of fraudulent posts violates Meta’s own rules. In particular the section on fraud, scams and deceptive practices which prohibits the “posts that falsely claim to act or speak on behalf of an entity or company” and “frauds or scams related to government grants.”
Also, since all the pages that posted the scams used Meta's ad system to promote them, they broke Meta’s policy on “unacceptable business practices in advertising” which states that ads on the platform “must not promote products, services, strategies, or offers that use identified deceptive practices, including those that defraud people financially or fraudulently obtain their personal information.”
Elena Gil, a lawyer specializing in Big Data, collaborated on this article with her superpowers.
Thanks to your superpowers, knowledge, and experience, we can fight lies more effectively. You are essential to stopping disinformation. Help us in this battle: send us any hoaxes you receive to our WhatsApp service., lend us your superpowers, spread our debunks and become an Ambassador.
TRANSPARENCY: Maldita.es participates since 2019 in Meta's external fact-checking program.