Storyline

Social networking software

Facebook Settles With the FTC

Nov 29 01:29

Thanks, Feds: Facebook's 5 Big Privacy Changes

Facebook will soon be on privacy probation, thanks to a proposed settlement with the Federal Trade Commission.

The FTC has accused Facebook of deceptive privacy policies that have caused users to share more information than intended. Among the Feds' allegations: Facebook made friend lists public without telling users in advance; gave apps access to data they didn't need; and hangs onto data even after users delete their accounts.

Instead of fighting the FTC, Facebook is settling. All that stands in the way of acceptance is a 30-day comment period. Assuming the agreement gets approved, here are the privacy changes Facebook has agreed to make:

No More Lies

The FTC says Facebook is "barred from making misrepresentations about the privacy or security of consumers' personal information." It's an obvious rule, but good to have on paper.

Opt-In, Not Opt-Out

If Facebook makes any changes that override a user's existing privacy settings--such as the visibility of friend lists or status updates--the site will have to get "affirmative express consent" beforehand. In other words, it's the end of opt-out privacy changes.

read more

"Delete" Means "No Access"

If you delete your account, Facebook has 30 days to make your data inaccessible to anyone. This may be a response to allegations from 2008 that Facebook keeps copies of user data on its servers indefinitely, even after users have deleted their accounts. A more recent discovery, that Facebook keeps active users' removed data on file--such as a status update you later regretted posting--doesn't seem to be affected here.

A Privacy Program

The FTC wants Facebook to establish a "comprehensive privacy program" to address any issues that might come up with new products or services.

Privacy Probation

To make sure the privacy program satisfies the FTC, Facebook will get a third-party audit every two years for the next two decades. By agreeing to this, Facebook enters the same doghouse as Google, which also agreed to biannual audits in the wake of Google Buzz privacy snafus.

In a blog post, Facebook CEO Mark Zuckerberg says his company has already addressed some of the FTC's concerns. For example, over a year ago, Facebook fixed an exploit that allowed app developers to sell personally-identifying information to advertisers. Starting today, Facebook is also creating two "Chief Privacy Officer" roles--one for policy and another for products.

Zuckerberg says Facebook has done a good job of providing transparency and control over the years, but he also admits that his company has made mistakes.

"Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected," Zuckerberg writes. "It's important for people to think about this, and not one day goes by when I don't think about what it means for us to be the stewards of this community and their trust."

Follow Jared on Twitter, Facebook or Google+ for even more tech news and commentary.

Add Your Comment

user avatar

2

Nov 11 10:18

Privacy: Will Facebook Ever Get It?

Privacy: Will Facebook Ever Get It?
With Facebook reportedly close to cutting a deal with the U.S. Federal Trade Commission (FTC) over privacy sins dating back to 2009, the question remains whether the social network's brain trust really gets the privacy issue.

The details--reported by the Wall Street Journal--of Facebook's imminent pact with the FTC describe an agreement that gives the socnet plenty of room to violate its members' privacy in the future. That's because the deal affects a standing target--all the data currently on the system--and not the moving one, which is data added to the network in the future. It is the latter Facebook needs to address if privacy is truly going to be protected on the network.

Under the reported agreement, Facebook would need to obtain your permission before subjecting you to changes in its privacy policy that will "materially" affect how it handles your information. In the case before the FTC -- which the agreement would settle -- Facebook changed its privacy policy in 2009 so that information previously kept private, such as name, picture, city, gender and friends list, was suddenly made public.

The date you joined Facebook will affect the agreement's notification requirement. What Facebook can do with your data will vary depending on what version of its privacy policy was in effect when you joined the network. Not only will that be totally confusing to you and everyone else on the network, but it should create some nightmares for Facebook's administrators, too.

In addition, expressed consent won't be needed for all changes nor will it be needed for new changes. That means if Facebook rolls out a feature like facial recognition or Timelines, which have significant privacy implications, it can do so whether you want to participate in the rollout or not.

Read More

8

Nov 29 10:40

Facebook Settles FTC Privacy Complaints

Facebook has agreed to settle U.S. Federal Trade Commission charges that it deceived consumers "on numerous occasions" by telling them they could keep their personal information private, then repeatedly sharing that information, the agency said Tuesday.

The FTC found a "number of instances" when Facebook made privacy promises it did not keep, the agency said in a press release. The FTC charged Facebook with unfair and deceptive business practices in an eight-count complaint made public Tuesday.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said Jon Leibowitz, the FTC's chairman. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

Under the proposed settlement, Facebook is barred from making further deceptive claims about privacy, and it is required that the company get consumers' approval before it changes the way it shares their data. The proposed settlement also requires Facebook to obtain periodic assessments of its privacy practices by independent auditors over the next 20 years, the FTC said.

The settlement has no fines, because the FTC does not have fining authority for violations of the FTC Act, Leibowitz said. Facebook would be subject to fines of US$16,000 per violation per day, however, for violating the settlement, he said.

Read More

2