Snapchat agrees to settlement with FTC over privacy complaints

Filed Under: Data loss, Featured, Mobile, Privacy, Social networks

FTC-logoSnapchat and the US Federal Trade Commission (FTC) agreed to terms in a settlement over privacy complaints, including that the fast-growing mobile messaging service had "deceived users."

According to a statement by the FTC, Snapchat made "multiple misrepresentations to consumers about its product that stood in stark contrast to how the app actually worked," among a list of other complaints.

Under the terms of its settlement with the FTC, Snapchat will be prohibited from misrepresenting user data privacy, and will be required to implement a comprehensive privacy program that will be monitored for the next 20 years.

The agreement is open for public comment until 9 June 2014, when the FTC will make its final decision. The five-member panel voted 5-0 to make the recommendation.

SnapchatSnapchat wrote on its blog that it made "mistakes" in the early days of the company, but that is has "fixed" the problems that have plagued the company in recent months.

Let's hope that Snapchat has learned its lesson, because the list of complaints against it is long.

The main concern of the FTC's complaint against Snapchat was its false claim that user snaps (photos and videos taken of the user using the app) would "disappear forever."

A security bungle in December 2013 led to a data breach of 4.6 million of Snapchat users' names and phone numbers, which also got the FTC and the US Congress interested.

From the FTC's announcement of the settlement, we find out that the Snapchat app was harvesting contacts from users without their knowledge or consent, and did not secure the "Find friends" feature that allowed users to search phone numbers.

According to the FTC:

Snapchat's privacy policy claimed that the app only collected the user's email, phone number, and Facebook ID for the purpose of finding friends.

Despite these representations, when iOS users entered their phone number to find friends, Snapchat also collected the names and phone numbers of all the contacts in their mobile device address books.

Snapchat continued to collect this information without notifying or obtaining users' consent until Apple modified its operating system to provide such notice with the introduction of iOS 6.

That's not all - Snapchat also misrepresented its collection of location data from users of its Android app, which it stored unencrypted, despite claiming otherwise in its privacy statement.

It's no secret that Snapchat has invited controversy from the get-go, and its handling of privacy concerns has been clumsy.

However, the company now says it is taking user privacy and security seriously.

In its 8 May 2014 blog post, Snapchat said that it will "continue to invest heavily in security and countermeasures to prevent abuse."

Snapchat's statement continues:

We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That's something we've always taken seriously, and always will.

snapchat-settlement-170Snapchat's shady history

Snapchat's messenger service initially gained popularity due promises that the selfie images users shared from the app would be deleted after a few seconds, making it ideal for spontaneous sexting.

Not so fast - the pictures and videos stay right on a user's phone and the recipient can easily grab screenshots or use workarounds to save the snap.

After Snapchat's rocky beginnings, the company's rapid growth attracted the attention of Facebook, which offered to buy Snapchat in 2013 for $3 billion.

Snapchat's founding CEO Evan Spiegel refused the offer, and Facebook turned around to acquire another mobile messenger app, WhatsApp, for $19 billion.

The Snapchat messenger app is most popular with young people, and has been used by 46% of 12-24 year-olds in the US, with 50 million active monthly users.

As we remarked after Snapchat refused to appear before a US Senate committee on data breaches back in March 2014, young companies like WhatsApp and Snapchat have been reckless in their disregard for user data security.

Snapchat now confesses that it was focused on things other than user privacy - which isn't comforting - and the company only acknowledges some of the truth:

While we were focused on building, some things didn't get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community.

Completely misrepresenting its policies to users was only part of the problem - Snapchat's total lack of security for the data it collects was most egregious.

Now the company will have the watchful eye of a privacy auditor for the next 20 years, so it will have to follow through on its promises.


, , , , , , , , , ,

You might like

5 Responses to Snapchat agrees to settlement with FTC over privacy complaints

  1. Hugh Dixon · 165 days ago

    Obviously snapchat can't guarantee what the recipient will do. I could use a digital camera and take a photo of the snapchat on my phone. How are they going to prevent that? How is this snapchats fault?

    • John Zorabedian · 165 days ago

      Snapchat made explicit promises to its users that their snaps would be deleted when they weren't. That's called lying.

      Snapchat can't control what users do with the app, but they sure ought to tell the truth about what it does.

      • Paul Ducklin · 164 days ago

        Snapchat doesn't call it "lying," but instead calls it not being "precise with how we communicated with the Snapchat community" :-)

  2. Jim · 164 days ago

    What happened to hefty fines from the FTC when a company is so in violation of most every FTC rules? Or did I miss that paragraph?

    • John Zorabedian · 162 days ago

      I suggest you take that up with the FTC! Public commenting is open until June 9th. :-)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.