Facebook Settles FTC Charges Over Privacy

Facebook has finally settled a case with Federal Trade Commission over privacy concerns. The social networking giant had been accused earlier in an eight-count complaint of not fulfilling its commitments and deceiving its users over privacy.

The proposed settlement urges Facebook to take necessary steps to show its dedication towards ensuring users privacy. The terms of settlement also restrict Facebook from making any further “deceptive privacy claims.” Based on guidelines, Facebook is now obliged to obtain users’ consent before enacting any changes to the way service shares their personal information. Moreover, Facebook is required to submit privacy audits every 2 years for next 20 years.

In a conference call about the settlement, the Chairman of FTC, Jon Leibowitz said, “The most important thing is to ensure consumer privacy going forward, and we believe this order does that. It will also allow Facebook to move on and create more services and features. Nothing in this order will prevent Facebook from innovating,” he added.

In a blog post, Facebook CEO Mark Zuckerberg confirmed the settlement. He said that we had foresightedly treated the FTC’s complaints, further adding that we “had made a bunch of mistakes.”

The Zuckerberg’s statement is much appreciated by Leibowtiz as he said that he was happy to see the dedication Facebook showing to bring users privacy to highest level.

Leibowitz further added, “I think it’s a really good sign that he acknowledges mistakes the company made. That can only be good for consumers.” He said that Facebook is bound to keep its promises about privacy that it make with hundreds of millions users and the FTC terms of settlement ensure that the company’s innovations don’t come at the expense of users’ privacy.

The FTC Complaint List

The FTC statement describes a number of areas in which Facebook allegedly made promises to its users but didn’t keep:

  • In December 2009, Facebook changed its website so certain information that users may have designated as private — such as their Friends List — was made public. They didn’t warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data — data the apps didn’t need.
  • Facebook told users they could restrict sharing of data to limited audiences — for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
  • Facebook promised users that it would not share their personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the US-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

The Proposed Settlement

The terms of settlement restricts the social networking giant from endorsing any further deceptive privacy claims. The company is obliged to get users’ permission before it alters the way it shares information. Under the proposed settlement, Facebook is:

  • barred from making misrepresentations about the privacy or security of consumers’ personal information;
  • required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
  • required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;
  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

All these requirements are obligatory for the social networking giant, violating any one of these will cause the company a fine of $16,000 per violation per day, according to Leibowitz.

Enjoyed this article? Submit your email to receive daily news and updates.

***You must click confirmation link sent in email. If you don't see the email, check spam folder.

Filed in: Facebook, News Tags: , , , ,

Leave a Reply

Submit Comment

© 2022 Tech Readers. Reproduction without explicit permission is prohibited. All Rights Reserved. XHTML / CSS Valid.