FTC Settles with Facebook

Facebook is quickly approaching the 1 billion members mark, and it’s also growing daily as a new revenue source for affiliate and online marketers. Through Facebook Ads, advertisers can target nearly all members of Facebook based on their demographics and interests. There has been a lot of discussion on Facebook and their privacy settings lately. This article will discuss the latest FTC settlement with Facebook. It seems like Facebook is always in the news for something, but they just keep growing and chugging along… is Facebook too big to fail?

On November 29, 2011, the Federal Trade Commission settled allegations that Facebook violated Section 5 of the FTC Act by virtue of its privacy practices.  The FTC’s enforcement action against Facebook is a clear example of the FTC’s efforts to ensure that websites live up to the privacy promises they make to consumers and that Facebook’s innovations will not come at the expense of consumer privacy.

The FTC’s complaint alleges that Facebook engaged in unfair trade practices by repeatedly failing to conform to its own promises regarding privacy to its hundreds of millions of users.  Specifically, the FTC alleges that although Facebook informed customers that they could “control who can see” their profile information by using privacy settings to restrict access to their profiles, these settings did not prevent certain third party applications from accessing their profile information.

The Commission also alleges that Facebook:

  • Made changes to its website that made public, information that users previously designated as private, without adequate notice;
  • Represented that third party applications would only be able to access profile information that was necessary to operate the application, but were oftentimes given unlimited access to consumer’s profile information;
  • Provided advertisers with information about users despite promises that it would not do so; and
  • Represented that users profile information, including photos and videos, would be in accessible upon deletion of accounts.  However, Facebook continued to allow third parties to access such content after accounts were deactivated or deleted.

The alleged violations of Section 5 of the FTC Act also include a failure to comply with the substantive privacy requirements of the United States-European Union Safe Harbor Framework, a voluntary framework that allows companies to transfer personal data from the European Union to the United States in compliance with European Union law.  Since at least 2009, Facebook has maintained self-certification with the Department of Commerce under the Safe Harbor program, under which it has declared its compliance with the seven Safe Harbor privacy principles in its public Privacy Policy and on the U.S. Department of Commerce website.  In its complaint, the FTC alleged that Facebook failed to comply with the Safe Harbor principles of Notice and Choice that required it to inform individuals about all the purposes for which it collected their data and to give those individuals a choice about how their information would be used.

Pursuant to the terms of the proposed settlement, Facebook is barred from further misrepresenting its privacy practices and is required to obtain opt-in consent from users prior to making changes that override their privacy preferences.  Facebook must also ensure that a user’s information cannot be accessed by anyone after a reasonable period of time, not to exceed 30 days, following the user’s deletion of his or her account, and implement a comprehensive program that protects the privacy and confidentiality of users’ information.  Lastly, Facebook must obtain independent privacy compliance audits every two years for the next twenty years, certifying that it has a privacy program in place that satisfies the requirements of the FTC consent decree.

According to Mark Zuckerberg, founder and CEO of Facebook, the company will create two new corporate officer position, Chief Privacy Policy Officer and Chief Privacy Products Officer.

Inasmuch as the FTC has recently agreed to consent decrees with both Google and Twitter involving record keeping obligations, the FTC now appears to possess regulatory oversight over the privacy and data security practices of the big three social networking companies in the United States.

This guest post was written by Richard B. Newman, an Internet attorney that specializes in performance marketing and regulatory compliance at Hinch Newman LLP in New York, New York.

Similar Posts


  1. Hi,

    No doubt in that Facebook is #1 site in social media but in that privacy have own place which is bigger from all so i think these kind of disturbance should be over as soon as possible.
    My recent post Goa Carnival 2012

  2. That a really good post. Thank you for sharing and hopefully they do what they promised.

    My recent post Cyber-Cops

  3. Sometimes, those who earn more attracts more controversies as well. They are being chased by all government agencies because they know they can make money out of them…. Out of Facebook.

  4. Would this be why Facebook now require a flaming passport to be scanned to prove who you are when you account is hacked?

    I spent hours trying to sort this out for my tearful girlfriend yesterday. Someone hacked into her account and changed the password, I managed to get back in but someone had reported the account had been hacked so Facebook won't unlock it until a passport has been scanned.
    My recent post November 2011 Blog Income Report

Comments are closed.