AfterDawn: Tech news

Facebook reaches settlement with FTC

Written by James Delahunty @ 30 Nov 2011 7:12

Zuckerberg admits Facebook "made a bunch of mistakes."
Facebook has agreed to settle Federal Trade Commission (FTC) charges that it deceived its users by informing them that they could keep information on their profile pages private, only then to repeatedly allow it to be made public.

Facebook will have to take several steps to ensure that it does not infringe its users' rights again in the future. It will have to provide its users with clear and prominent notice and must obtain users' express consent before their information is shared beyond the privacy settings they have established previously.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said Jon Leibowitz, Chairman of the FTC. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

What did Facebook do wrong?

The FTC complaint made a number of charges against Facebook. In December 2009, Facebook changed its website so that certain information designated as private by its users (Friends List for example) was made publicly available. The social network provided no warning before making the change, nor did it seek approval of its users.

Facebook also informed users that third-party apps installed by the users would only have access to information they needed to operate, when in fact the apps could access almost all of a user's personal data, whether or not it was required for operation.

It also claimed that its "Verified Apps" program certified the security of participating apps when it did not. It failed to allow users to restrict sharing of data to limited audiences, such as only their Friends. Facebook also shared information with advertisers despite saying previously that it would not, and after Facebook accounts were deactivated or deleted, a user's photos and videos were still accessible.

Finally, Facebook also claimed that it complied with the U.S. - EU Safe Harbor Framework that governs data transfers between the United States and the European Union, when it in fact did not.

What has Facebook agreed to do, as part of the FTC settlement?

The FTC settlement means that Facebook is:
  • barred from making misrepresentations about the privacy or security of consumers' personal information;
  • required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
  • required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
The social network must also keep records to allow the FTC to monitor compliance with the order.

What else is Facebook doing?

Facebook co-founder and CEO, Mark Zuckerberg, wrote an article about Facebook's commitment to its community. "I'm the first to admit that we've made a bunch of mistakes," Zuckerberg wrote.

"In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done."

Zuckerberg said that Facebook has always been committed to transparency about the information that its users have stored with the service, and led the Internet in building tools to help users see and control what they share with the world, but admitted that Facebook could always do better.

He said that most of the charges in the FTC case were dealt with over the last couple of years. Zuckerberg also created two new corporate officer roles to make sure its commitments are reflected in its internal operations. Erin Egan, who joined Facebook recently, will become Chief Privacy Officer in relation to policy, while Michael Richter, currently the social network's Chief Privacy Counsel on its legal team, will become Chief Privacy Officer in relation to products.
