Commentary

FTC Pushes Back On Privacy Policy Changes

Earlier this month, the Federal Trade Commission announced that it had reached a settlement with ad network Chitika over behavioral targeting opt-outs that expired after just 10 days. And this week, the FTC unveiled a tentative settlement with Google for violating users' privacy with the launch of Buzz, a service that transformed people's Gmail contacts into social networking friends -- and in the process revealed the identities of some users' email contacts.

Those two cases, coming so soon after each other, clearly signal that the FTC is prepared to enforce Web companies' privacy policies. But the terms of the Google settlement go way beyond agreements to adhere to existing privacy policies. The settlement also would require Google to obtain opt-in consent before sharing users' data in new ways. In other words, Google could no longer retroactively loosen its privacy policy without getting users' explicit permission.

advertisement

advertisement

That's a significant change -- and one that could affect a wide swath of companies that want to be able to revise their default privacy settings so as to give users less privacy. Facebook has done so (and backtracked) more than once.

Facebook's not alone, either. Document-sharing site Scribd last year launched Readcast -- which broadcasts the documents people download to other Scribd users -- on an opt-out basis; Scribd quickly retreated from that move. Additionally, a host of Internet service providers that worked with targeting company NebuAd changed provided notice by quietly changing their privacy policies -- which, of course, existing subscribers had no reason to read.

While the FTC's settlement with Google doesn't prohibit other companies from changing their default privacy settings, it certainly pushes the industry in that direction.

For that reason, the term already is proving controversial. FTC Commissioner J. Thomas Rosch wrote a concurring statement questioning why Google would have agreed to such a condition. "Surely it did not do so simply to save itself litigation expense," he wrote. "But did it do so because it was being challenged by other government agencies and it wanted to 'get the Commission off its back'? Or did it do so in hopes that [the condition] would be used as leverage in future government challenges to the practices of its competitors?"

Rosch goes on to say that neither reason would be "consistent with the public interest."

Actually, however, a powerful argument can be made that companies shouldn't blindside users by changing their default privacy settings after users sign up for a service. And if this settlement discourages other companies from retroactively changing their default privacy settings, that doesn't sound like a bad result.

Next story loading loading..