In December 2009, the Electronic Privacy Information Center and other privacy advocates filed a complaint with FTC saying that Facebook’s changes to its privacy policies disclosed “personal information to third parties that was previously not available” and that those changes violated user expectations of the service.
The FTC settlement also lists several other instances where Facebook “allegedly made promises it did not keep” such as promising that it did not share personal information with advertisers, did not share unnecessary data with third-party app makers, did not verify the security of third-party applications, would not retain data that it told users had deleted on its servers and would comply with the U.S.-European Union Safe Harbor framework on privacy.
Facebook has already addressed some of these complaints ahead of the settlement, co-founder and CEO Mark Zuckerberg wrote in a blog post Tuesday, saying that it had canceled its Verified Apps program and fixed a problem that gave advertisers access to users’ ID numbers.
What’s in the settlement?: The provisions in the settlement are very similar to what the agency worked out with Google over its Buzz social network. The network must put a “comprehensive privacy program” in place and obtain express user consent before “enacting changes that override” a user’s privacy preferences.
Facebook has also agreed that it will notify users when it changes the way it shares data and has consented to privacy audits for the next 20 years.
How does that affect average users?: Average users will likely see a more changes to the network on privacy issues, particularly because of the settlement’s provision that Facebook make any changes to privacy that overrule a user’s personal privacy preferences an opt-in decision.
This also affects users who wish to delete their accounts. Currently, if you delete your Facebook account, some of your profile content can still be accessed online. The settlement requires that no one may access content from a deleted account 30 days after it has been deleted.
How does this affect Facebook?: Facebook is adding two new privacy officers, Zuckerberg announced Tuesday. Erin Egan, who recently joined the firm, will become the Chief Privacy Officer, Policy, and Michael Richter — Facebook’s current lead privacy counsel — will become the network’s chief privacy officer of products.
If the network violates the agreements in the settlement moving forward, it could be fined up to $16,000 per violation.
The news comes as reports surface about Facebook’s planned initial public offering, which a Wall Street Journal report indicates may value the company at $100 billion. Clearing up the privacy complaint with the FTC could be a boon for the company, analysts say, and clear the way for a stock offering if the company can keep a strong reputation with its 800 million users.
(The Washington Post Co.’s chairman and chief executive, Donald E. Graham, is a member of Facebook’s board of directors.)
Facebook settles privacy complaint, agrees to ask permission for privacy changes
Report: Facebook, FTC close to settlement on privacy
Facebook continues D.C. hiring spree with White House, privacy expert hires