The FTC-Facebook Settlement Terms Explained
Following up on complaints filed by consumer privacy protection organizations, on Tuesday, the Federal Trade Commission announced a settlement agreement with Facebook over its lax privacy regulations.
“Facebook’s innovation does not have to come at the expense of consumer privacy,” FTC Chairman Jon Leibowitz said. “The FTC action will ensure it will not.”
What did Facebook do wrong? According to the FTC’s original complaint:
- In 2009, Facebook changed its privacy controls without user knowledge or consent.
- It automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield the content;
- Facebook shared people’s profile pictures and lists of online friends to the world even those of users who had previously requested that image and information NOT be shared;
- It shared its users’ personal information with third-party advertisers from September 2008 through May 2010 despite several public assurances from company officials that it wasn’t passing the data along for marketing purposes;
- When users clicked on ads that appeared on their personal profile pages, “their walls”, their personal information was sent to third party advertisers even though some advertisers didn’t necessarily even need that information ; and
- After people deleted their accounts, Facebook kept their personal photos and data without consent and knowledge of the users.
What were the settlement terms?
- Facebook promised not to breach people security any longer and said it will require “opt in” – where a user would have to affirmatively click a box to permit sharing as opposed to having that option automatically filled in every time Facebook implemented a new policy. Most users would not know the change occurred and to go to their privacy settings and uncheck or “opt out” the box which made them automatically approved.
- Facebook would face a fine of $16,000 per day for each violation if it does this again.
- Facebook is required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;
- It has to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information (maybe a user bill of rights); and
- Within 180 days, and every two years after that for the next 20 years, Facebook has to get a third party to audit it and get a certification that it is meeting or exceeding the FTC requirements.
The FTC’s commissioners unanimously approved the agreement with Facebook.
The FTC is accepting public comments through Dec. 30 before deciding whether to finalize the settlement. Submit your comments HERE at the FTC Comment Page.
Yesterday, Facebook’s CEO Mark Zuckerberg defended Facebook’s practices, but admitted that the company “made a bunch of mistakes” along the way. Facebook said it has created two new executive positions: Michael Richter as chief privacy officer of products and Erin Egan as chief privacy officer of policy.
“This means we’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing – giving you tools to control who can see your information and then making sure only those people you intend can see it,” Zuckerberg wrote in his blog post.
“The FTC cracked down on Google eight months ago for alleged privacy abuses that occurred last year when the company attempted to plant a social network called Buzz within its widely used Gmail service,” The Blaze reported. “Like Facebook, Google agreed to improve its privacy practices and submit to external audits for the next 20 years.”
In its settlement with Twitter reached this June, the FTC alleged that Twitter didn’t do enough to protect users’ accounts from hackers.
What are your thoughts? Do you think Facebook got away scott free, relatively, given all the money it made during its crazy period of privacy violations? Are you comfortable with these changes? Would you close your account if Facebook changes up too much?