Facebook is settling government charges it “deceived” users that their information would be kept private, although it was “repeatedly” shared with the public, the Federal Trade Commission announced Tuesday.
The deal, which carries no financial penalties, demands that the social-networking site obtain “express consent” of their 850 million users before their information “is shared beyond the privacy settings they have established.”
“The most important thing here is to ensure consumer privacy going forward,” Jon Leibowitz, the FTC chairman, said in a conference call with reporters. He said the FTC doesn’t have “fining authority.”
The settlement, (.pdf) in which Facebook admits no fault, is a win for Facebook as it clears up uncertainty over U.S. government regulation of the social-networking giant ahead of an IPO reportedly planned for this spring. The settlement to the FTC’s complaint (.pdf) also doesn’t force Facebook to roll back to the permission system that existed prior to Dec. 2009, when users could keep the things and people they liked private.
The site also has agreed to an external privacy audit every two years for the next 20 years, and to stop showing users’ information 30 days after they close their account. Maneesha Mithal, an FTC director, said on the conference call that the audits may not be publicly available. She said they would be subject to the Freedom of Information Act, but whether they would see the light of day would be determined on a “case-by-case basis.”
Mark Zuckerberg, Facebook’s founder, said Tuesday that, “overall,” Facebook has a “good history of providing transparency and control over who can see your information.”
Zuckerberg added, “I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”
Consumer groups applauded the settlement because it underscores that companies need “express consent” if “you materially change your practices and expose user information publicly,” said Jules Polonetsky, director of the Future of Privacy Forum.
The American Civil Liberties Union agreed. Chris Conley, an ACLU attorney, said, “This settlement is an important step, making it clear that companies can’t simply change the rules without asking users’ permission.”
The FTC’s complaint against Facebook accuses it of making false privacy promises.
Among them:
*Facebook in 2009 changed its website so that some information that users may have designated as private — their friend’s list, the things they like and their geographic location — was made public. Thereafter, that information had to stay public. “They didn’t warn users that this change was coming, or get their approval in advance,” the FTC said.
*Facebook said third-party apps would access just the information needed to operate. But the apps “could access nearly all of users’ personal data — data the apps didn’t need,” the FTC said.
*The social-networking site promised users that it would not share personal information with advertisers. “It did,” according to the FTC.
Photo: _max-B’s photostream/Flickr