FTC finalizes Facebook settlement
By Hayley Tsukayama,
Note: This story was updated Wednesday, Aug. 15.
The Federal Trade Commission Friday approved a final settlement with Facebook that was originally proposed last November.
To refresh your memory, the FTC alleged that Facebook was freer with its users’ personal information than was outlined in its published privacy policies. Facebook denied the allegations but agreed under the order to clarify its privacy settings, to keep a comprehensive privacy program in place to protect consumer information, and to submit to biennial privacy audits. After announcing the settlement, the FTC opened up the order to public comment until Dec. 30, 2011.
On Friday, the FTC announced that its commissioners had approved the final settlement with a vote of 3-1-1. The order also specified that facial recognition data falls under information covered in the settlement, addressing a separate complaint from the Electronic Privacy Information Center that asked the agency to prevent Facebook from making facial recognition profiles of users without their consent.
In a statement, Facebook said, “We are pleased that the settlement, which was announced last November, has received final approval.”
Commissioner J. Thomas Rosch submitted a dissenting opinion on the matter; Commissioner Maureen K. Ohlhausen did not participate in the vote.
In his dissent, Rosch raised two points: whether the commission should change its process to keep defendants from denying charges — as Facebook has — and whether the settlement applies to apps hosted within Facebook.
Rosch used The Washington Post Social Reader app as an example in his statement, noting that setting Facebook’s privacy settings to limit sharing information on users’ News Feeds did not affect what other app users saw within the reader itself. To manage what other app users see in the app, they can choose to hide reads on an article-by-article basis.
Washington Post spokesperson Kris Coratti says that Rosch’s description of Washington Post Social Reader is no longer accurate.
“Several months ago, The Post updated the application so that a user’s Facebook privacy settings for the app now also apply to what information is shared with other users within the app itself. This means that users can choose to turn off all sharing within the app at one time, either when installing the app or through their Facebook privacy settings after the app has been installed,” she said.
Asking users to manage privacy settings separately for Facebook and for Facebook apps, Rosch said, is not acceptable. “I would include language in the order to make that clear, lest Facebook argue subsequently that the Commission order only covers deceptive conduct engaged in by Facebook itself,” he wrote.
The second point raises another interesting question for the social network, which has made great strides in strengthening its platform for developers who want to tap into the audience of Facebook’s 955 million users. The company recently set up an app center to make it easier to find apps for its social network, as well as for mobile devices.
Concerns about how app platforms should deal with privacy have already been raised about Apple and Google. Those companies, as well as Amazon, Microsoft, Hewlett Packard and Research in Motion agreed in February to a set of regulations aimed at improving privacy on the apps they sell through their stores. Provisions include allowing consumers to review app privacy policies before they download them.
(The Washington Post Co.’s chairman and chief executive, Donald E. Graham, is a member of Facebook’s board of directors.)