FTC, Facebook Reach Privacy Settlement

ZuckerbergBigbrother-is-watchingFacebook has agreed to settle a Federal Trade Commission complaint by promising to obtain users' express consent before sharing their information with a wider audience than in the past.

The social networking service also promised to prevent anyone from accessing deleted accounts within 30 days of deletion. Plus, Facebook agreed to institute a comprehensive privacy policy and to submit to audits for 20 years.

The proposed settlement, announced Tuesday, would resolve an FTC complaint alleging that Facebook deceived users by repeatedly sharing information that users believed would be private when uploaded. The FTC's 19-page complaint, unveiled on Tuesday along with the proposed settlement, spells out a variety of ways that Facebook allegedly deceived users.

Among others, in December of 2009 Facebook reclassified a host of data about users as “public” -- including people's names, photos and friend lists. “They didn't warn users that this change was coming, or get their approval in advance,” the FTC said in a statement. That Facebook shift also prompted the Electronic Privacy Information Center and other groups -- including the American Library Association, Center for Digital Democracy and Consumer Federation of America -- to file a complaint against the company.

The FTC also said that Facebook broke promises to users by allowing app developers to access profile information they didn't need. “A platform application with a narrow purpose, such as a quiz regarding a television show, in many instances could access a user’s relationship status, as well as the URL for every photo and video that the user had uploaded to Facebook’s Web site, despite the lack of relevance of this information to the application,” the FTC said in its complaint.

The authorities also alleged that Facebook shared some users' names with advertisers via referrer headers. (Facebook recently prevailed in a lawsuit stemming from that same issue. A judge in that case ruled that the users weren't harmed by any disclosures and, therefore, couldn't pursue their claim in court.)

Facebook CEO Mark Zuckerberg said in a blog post that the company had made “a bunch of mistakes.” He added: “I think that a small number of high-profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done.”

Zuckerberg also noted that Facebook had already fixed some of the issues noted by the FTC.

In the last two years, Facebook revised its privacy controls to give users more say over who can access their data. But the social networking service hadn't promised prior to Tuesday to seek users' opt-in consent to future privacy-related changes.

Sen. John Kerry (D-Mass.), who introduced an online privacy bill earlier this year, praised the deal.

“This settlement will help ensure that companies keep their promises to consumers and give those consumers a real voice in how their information is used, distributed, and managed,” Kerry stated. “These priorities are consistent with what Senator McCain and I had in mind when we introduced our Internet Privacy Bill of Rights.”

The terms of the Facebook settlement, which were first rumored earlier this month, are in line with the FTC's settlement with Google over its launch of Buzz. That deal requires Google to create a comprehensive privacy program and submit to independent privacy audits for the next 20 years. Google also promised that it will obtain people's express consent before sharing their information more broadly than its privacy policy allowed at the time of collection.

Buzz created social networks out of people's Gmail contacts. At launch, the service revealed information about the names of users' email contacts, if users activated Buzz without changing the defaults. That design meant that a host of confidential information could inadvertently become known, including the names of Gmail users' doctors, lawyers or coworkers.

The FTC will accept comment on the proposed Facebook settlement until Dec. 30.

2 comments about "FTC, Facebook Reach Privacy Settlement".
Check to receive email when comments are posted.
  1. John Grono from GAP Research, November 30, 2011 at 4:07 p.m.

    Owwww ... that feather hurt.

  2. Victor Stanescu from Vectorash & Co, December 8, 2011 at 3:30 p.m.

    This is a very small victory in the war of keeping our data secure online.
    I would have preffered to see a steap fine applied to Facebook for all of thei lil' "mishaps" on privacy!

Next story loading loading..