Facebook Settles Over Misleading Privacy Changes

Facebook and the Federal Trade Commission (FTC) have reached a settlement over charges the social networking giant engaged in deceptive behaviour when it changed its users’ privacy settings without permission.

The FTC settlement bars the social networking site from making any “further deceptive privacy claims” and requires Facebook to get explicit approval from users before changing how data is shared, the FTC announced. Facebook must provide “clear and prominent notice” before data is shared, and establish a comprehensive privacy programme that is subject to a third-party audit within 180 days and every two years for the next 20 years.

Hefty daily fines

While Facebook does not have to pay any penalties at the moment, it faces fines of up to $16,000 (£10,263) per day for violating the terms, going forward.

This means users are likely to see more announcements and notifications from Facebook regarding privacy issues. The settlement also requires Facebook to offer all changes that could potentially override existing settings as an opt-in decision. This is a dramatic departure for a company that has long been accused of requiring users to opt-out to maintain their privacy.

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” said FTC chairman Jon Leibowitz.

The FTC voted to accept the proposed settlement in a 4-0 vote. The agreement is subject to public comment for 30 days, after which the commission would vote to finalise the settlement. The settlement is also a “consent agreement” and does not “constitute an admission by the respondent that the law has been violated”, according to the FTC.

Most of the concerns presented to the FTC in this inquiry have long since been resolved satisfactorily, according to Daniel Castro, senior analyst at the Information Technology and Innovation Foundation.

“Rather than impose heavy-handed regulations or engage in expensive and unproductive litigation, policymakers should continue to work in partnership with the private sector to balance privacy with innovation,” Castro said.

Epic moves against Facebook

The FTC charged Facebook after investigating the company in response to a complaint filed by the Electronic Privacy Information Centre (Epic), a Washington-based advocacy group on 17 December, 2009. Facebook had changed its default privacy settings in order to provide users with a “simpler model for privacy control”, Mark Zuckerberg (pictured), Facebook founder and CEO, said at the time.

However, Epic alleged in its complaint that consumers were harmed when it turned out the changes had resulted Facebook’s disclosing “personal information to third parties that was previously not available”, such as making accessible the profiles of users who had deactivated or deleted their accounts.