FTC Settles with Facebook
Facebook is quickly approaching the 1 billion members mark, and it’s also growing daily as a new revenue source for affiliate and online marketers. Through Facebook Ads, advertisers can target nearly all members of Facebook based on their demographics and interests. There has been a lot of discussion on Facebook and their privacy settings lately. This article will discuss the latest FTC settlement with Facebook. It seems like Facebook is always in the news for something, but they just keep growing and chugging along… is Facebook too big to fail?
On November 29, 2011, theÂ Federal Trade CommissionÂ settledÂ allegations that Facebook violated Section 5 of the FTC Act by virtue of its privacy practices.Â Â The FTCâ€™s enforcement action against Facebook isÂ a clearÂ example of the FTCâ€™sÂ efforts to ensure that websites live up to the privacy promises they make to consumersÂ and that Facebookâ€™s innovations will not come at the expense of consumer privacy.
The FTC’s complaint alleges that Facebook engaged in unfair trade practices by repeatedly failing to conform to its own promises regarding privacy to its hundreds of millions of users.Â Specifically, the FTC alleges that although Facebook informed customers that they could â€œcontrol who can seeâ€ their profile information by using privacy settings to restrict access to their profiles, these settings did not prevent certain third party applications from accessing their profile information.
The Commission also alleges that Facebook:
- Made changes to its website that made public, information that users previously designated as private, without adequate notice;
- Represented that third party applications would only be able to access profile information that was necessary to operate the application, but were oftentimes given unlimited access to consumer’s profile information;
- Provided advertisers with information about users despite promises that it would not do so; and
- Represented that users profile information, including photos and videos, would be in accessible upon deletion of accounts.Â However, Facebook continued to allow third parties to access such content after accounts were deactivated or deleted.
Pursuant to the terms of the proposed settlement, Facebook is barred from further misrepresenting its privacy practices and is required to obtain opt-in consent from users prior to making changes that override their privacy preferences.Â Facebook must also ensure that a userâ€™s information cannot be accessed by anyone after a reasonable period of time, not to exceed 30 days, following the userâ€™s deletion of his or her account, and implement a comprehensive program that protects the privacy and confidentiality of usersâ€™ information.Â Lastly, Facebook must obtain independent privacy compliance audits every two years for the next twenty years, certifying that it has a privacy program in place that satisfies the requirements of the FTC consent decree.
Inasmuch asÂ the FTC has recently agreed toÂ consent decrees with both Google and Twitter involvingÂ record keeping obligations, the FTC now appears to possessÂ regulatory oversight over the privacy and data security practices of the big threeÂ social networking companies in the United States.
Wait... before you leave, consider these top resources: