Facebook will soon be on privacy probation, thanks to a proposed settlement with the Federal Trade Commission.
The FTC has accused Facebook of deceptive privacy policies that have caused users to share more information than intended. Among the Feds’ allegations: Facebook made friend lists public without telling users in advance; gave apps access to data they didn’t need; and hangs onto data even after users delete their accounts.
Instead of fighting the FTC, Facebook is settling. All that stands in the way of acceptance is a 30-day comment period. Assuming the agreement gets approved, here are the privacy changes Facebook has agreed to make:
No More Lies
The FTC says Facebook is “barred from making misrepresentations about the privacy or security of consumers’ personal information.” It’s an obvious rule, but good to have on paper.
Opt-In, Not Opt-Out
If Facebook makes any changes that override a user’s existing privacy settings–such as the visibility of friend lists or status updates–the site will have to get “affirmative express consent” beforehand. In other words, it’s the end of opt-out privacy changes.
“Delete” Means “No Access”
If you delete your account, Facebook has 30 days to make your data inaccessible to anyone. This may be a response to allegations from 2008 that Facebook keeps copies of user data on its servers indefinitely, even after users have deleted their accounts. A more recent discovery, that Facebook keeps active users’ removed data on file–such as a status update you later regretted posting–doesn’t seem to be affected here.
A Privacy Program
The FTC wants Facebook to establish a “comprehensive privacy program” to address any issues that might come up with new products or services.
To make sure the privacy program satisfies the FTC, Facebook will get a third-party audit every two years for the next two decades. By agreeing to this, Facebook enters the same doghouse as Google, which also agreed to biennial audits in the wake of Google Buzz privacy snafus.
In a blog post, Facebook CEO Mark Zuckerberg says his company has already addressed some of the FTC’s concerns. For example, over a year ago, Facebook fixed an exploit that allowed app developers to sell personally identifying information to advertisers. Starting today, Facebook is also creating two “Chief Privacy Officer” roles–one for policy and another for products.
Zuckerberg says Facebook has done a good job of providing transparency and control over the years, but he also admits that his company has made mistakes.
“Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected,” Zuckerberg writes. “It’s important for people to think about this, and not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.”