FTC settles with Facebook, alleges promises weren't kept

The United States Federal Trade Commission announced a proposed settlement with Facebook Inc. over its alleged deceptive practices regarding privacy.

The FTC launched an investigation into Facebook after a complaint was filed by the Electronic Privacy Information Center (EPIC) and a coalition of other privacy groups.

The FTC's investigation resulted in an eight-count complaint against the social media giant. The complaint lists several cases where "Facebook allegedly made promises it did not keep."

The FTC's press release lists the most prominent of the issues that got Facebook into trouble:

  • In December 2009 Facebook changed things that were private (friends list, etc.) to public without warning or consent.
  • Facebook told users third-party applications would only have limited access to information, when they could access nearly all of a user's information.
  • Facebook presented misleading privacy settings like "Friends Only", which in reality means your friends and any applications they might choose to use.
  • Facebook claimed to have a "Verified Apps" program that certified these apps were secure; it didn't.
  • Facebook promised it would not share users' information with advertisers, but it did.
  • Facebook claimed to delete users' photos and videos when they deactivated/deleted their accounts, but didn't.
  • Facebook claimed to comply with the US-EU Safe Harbor Framework for data transfer across borders, but didn't.

If the settlement proceeds, the FTC would require Facebook to agree to the following conditions:

  • Stop misrepresenting security and privacy policies regarding users' personal information.
  • Obtain express consent when changing the handling of existing personal information.
  • Prevent people from accessing information from deleted/deactivated accounts after 30 days.
  • Establish and maintain a comprehensive privacy program addressing both new and existing products.
  • Undergo third-party privacy audits certifying that it meets or exceeds the FTC's requirements for the next 20 years.

The settlement now enters into a public comment period where residents of the United States can provide feedback to the FTC on the fairness of the settlement.

I think the measures the FTC suggests in the settlement will go a long way to ensuring Facebook users are aware of how their data is being handled and provide necessary oversight to be sure policies are followed.

What concerns me is that this is a "consent agreement" and therefore "does not constitute an admission by the respondent that the law has been violated."

What the FTC is alleging is an enormous abuse of power by a multi-billion dollar company. No fines? No admission of guilt? Where is the punishment for abusing our privacy rights for the last 5 years?

This settlement doesn't address all of the suggestions Naked Security has made to Facebook about security on their platform, but it may result in more respect for their users' privacy.


5 Responses to FTC settles with Facebook, alleges promises weren't kept

  1. Julie · 1409 days ago

    That is only a slap on the hand...no REAL punishment or discouragement to the creators of Facebook to change their ways and safeguard their users' "Privacy".

  2. Joanne · 1409 days ago

    Why are more people not concerned, especially the younger generation who are going to regret a lot of the teenage postings if they are still "out there" long after they've grown up and deleted them?

    • Because regretting what you did when you were young isn't something that happens until you're older.

      ...and the Internet never forgets.
      This is why education about internet privacy and data security is something that should start before children are let loose on a computer, and then reiterated at the appropriate level each year until the children have graduated.

      It should also be done by their parents, but first we have to educate the parents not to post incriminating things on Facebook... this is definitely not just an issue with the youth of this generation.

  3. Nigel · 1408 days ago

    I don't understand what "punishment" is supposed to accomplish...well, other than fulfilling an emotional need for revenge. It is an absurd notion that taking revenge on criminals (like Facebook) is somehow constructive.

    Here's a higher concept--one that actually has something to do with REAL justice. It's called restitution. Facebook has plundered its users by commoditizing their personal information without their permission, and in most cases, without their knowledge. It accomplished that crime through deceptive practices, non-transparency, and changing the rules without the knowledge of its users.

    It does me no good if Facebook is fined by state agencies or court rulings if all the money goes to the same idiotic bureaucracies that failed to prevent such crimes in the first place. Revenge via punitive fines simply compounds the INjustice, actually, by paying the money to the wrong people. How was the state harmed? The invasion of privacy was committed by Facebook against its USERS, not against a bunch of politicians and bureaucrats. I don’t want revenge. I want justice.

    Punishment is infantile. Restitution is justice. Facebook should not have to pay "fines" to the nameless, faceless, incompetent mechanisms of the state. If there were any real justice, Facebook should pay restitution to each and every user who has been victimized by its deceptive, criminal actions.

  4. This is all really great news, but there’s still pieces missing to this story...What about our privacy outside of Facebook? Something needs to be done about the fact that they can still track our activity outside of the social network. More on the tracking side of the story here: http://www.abine.com/wordpress/2011/facebook-ftc-...


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.