As anyone who’s ever used Facebook knows, it’s not exactly a bastion of the private: Users voluntarily cough up unbelievable amounts of personal information about themselves on a daily basis. Everyone has read a post by a friend and thought, “I would never put that on Facebook!”
Groups including the Electronic Privacy Information Center (EPIC) in Washington, DC, and consumer advocacy organizations complained to the FTC in 2009 after Facebook changed the privacy settings of its users and misrepresented how much user information third-party apps could access. For instance, certain information that users may have designated as private – such as their Friends List – was made public, and Facebook failed to warn users this was happening.
Facebook Promises to Be More Transparent
“We believed that was an unfair business practice and made it virtually impossible for even diligent users to control the use of their information they provided to the company,” says EPIC President Marc Rotenberg, who teaches information privacy law at Georgetown University Law Center.
In November 2011, Facebook announced it would settle the charges with the FTC. (Read the complaint here.) Facebook CEO Mark Zuckerberg responded, where else but on Facebook, with a long ramble about how much his company prized its users’ privacy. “Even before the agreement announced by the FTC [on November 29], Facebook had already proactively addressed many of the concerns the FTC raised,” he claimed.
Under the settlement, Facebook agrees to:
- give consumers clear and prominent notice and obtain their express consent before sharing their information beyond their privacy settings (i.e., with third-party apps)
- maintain a comprehensive privacy program to protect consumers’ information
- undergo biennial privacy audits from an independent third party for the next 20 years
The settlement didn’t carry any fines, but any future violations of the settlement will cost the company $16,000 a day.
The Facebook settlement comes on the heels of an FTC-record-breaking $22.5 million fine against Google over allegations that it violated the privacy of users through tracking cookies on Google sites for Apple Safari users and then sending them targeted ads. Coming the day before the settlement, that whopper of a fine makes the Facebook action look rather paltry by comparison.
What the Settlement Means for Users
“Fundamentally, users will have more control over the personal information that they make available to Facebook,” says Rotenberg. He adds that the provision requiring 20 years of privacy audits is typical of such settlements.
In fact, EPIC is not thoroughly impressed with the settlement. “We believe the FTC could have done more,” Rotenberg says. “The most obvious would have been to restore the user privacy settings as they were before Facebook changed them.” Why did the company change them in the first place? In its effort to “monetize” its user base (a favorite term of art among social media marketers), “Facebook is collecting vast amounts of information on Internet users,” he says.
Rotenberg said the FTC could have also required Facebook to let users actually see the information that is being collected about them, and it should have limited facial recognition techniques for auto-tagging photos. The FTC claims facial recognition data is covered by the settlement.
“Overall, it is a good outcome,” Rotenberg allows. “Still, privacy remains a top concern for Facebook users. We expect that there will be more developments in the future.”
Do you think you have enough privacy protections as a Facebook user? Post your opinion below.