Just imagine the fallout for Facebook if a contractor slips up and opens up a laptop on the train or at a coffee shop. It doesn’t have to be malicious, just negligent. And as recent scandals at Amazon and Twitter have shown, employees are as vulnerable to bribery and social engineering as any other human. Even if Facebook is legally covered, the PR risk is too great.
If this were a legal requirement, the actual facebook employees would have been brought back.
They haven't been, just the people contracted by CPL/Accenture to work at FB, which leads me to believe that this is not a legal requirement.
It's presumably that FB said you need to ensure security to the companies, and they decided that the easiest way was to bring everyone back to the office.
