agreed to settle a Federal Trade Commission complaint by promising to obtain users' express consent before sharing their information with a wider audience than in the past.
The proposed settlement, announced Tuesday, would resolve an FTC complaint alleging that Facebook deceived users by repeatedly sharing information that users believed would be
private when uploaded. The FTC's 19-page complaint, unveiled on Tuesday along with the proposed settlement, spells out a variety
of ways that Facebook allegedly deceived users.
Among others, in December of 2009 Facebook reclassified a host of data about users as “public” -- including people's names, photos and friend lists. “They didn't warn users that this change was coming, or get their approval in advance,” the FTC said in a statement. That Facebook shift also prompted the Electronic Privacy Information Center and other groups -- including the American Library Association, Center for Digital Democracy and Consumer Federation of America -- to file a complaint against the company.
The FTC also said that Facebook broke promises to users by allowing app developers to access profile information they didn't need. “A platform application with a narrow purpose, such as a quiz regarding a television show, in many instances could access a user’s relationship status, as well as the URL for every photo and video that the user had uploaded to Facebook’s Web site, despite the lack of relevance of this information to the application,” the FTC said in its complaint.
The authorities also alleged that Facebook shared some users' names with advertisers via referrer headers. (Facebook recently prevailed in a lawsuit stemming from that same issue. A judge in that case ruled that the users weren't harmed by any disclosures and, therefore, couldn't pursue their claim in court.)
Facebook CEO Mark Zuckerberg said in a blog post that the company had made “a bunch of mistakes.” He added: “I think that a small number of high-profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done.”
Zuckerberg also noted that Facebook had already fixed some of the issues noted by the FTC.
In the last two years, Facebook revised its privacy controls to give users more say over who can access their data. But the social networking service hadn't promised prior to Tuesday to seek users' opt-in consent to future privacy-related changes.
Sen. John Kerry (D-Mass.), who introduced an online privacy bill earlier this year, praised the deal.
“This settlement will help ensure that companies keep their promises to consumers and give those consumers a real voice in how their information is used, distributed, and managed,” Kerry stated. “These priorities are consistent with what Senator McCain and I had in mind when we introduced our Internet Privacy Bill of Rights.”
Buzz created social networks out of people's Gmail contacts. At launch, the service revealed information about the names of users' email contacts, if users activated Buzz without changing the defaults. That design meant that a host of confidential information could inadvertently become known, including the names of Gmail users' doctors, lawyers or coworkers.
The FTC will accept comment on the proposed Facebook settlement until Dec. 30.