Facebook has settled Federal Trade Commission charges of deceptive behaviour over privacy settings
Privacy advocates have long insisted that consumer privacy was at risk because companies could change their privacy policies “at a whim”, according to Berin Szoka, president of advocacy group TechFreedom. The settlement “makes clear that changes to what a company may do with information already collected require informed user consent”, Szoka said.
The FTC listed eight instances where Facebook did opposite of what it promised, such as claiming that it would not share personal information with advertisers or with third-party developers and not retaining data that users had deleted. Facebook also allowed third-party applications to see data that users had shared only with friends. The FTC charged Facebook with not complying with theUS-EuropeanUnionSafeHarborframework on privacy.
Right To Be Forgotten
Under the new settlement, Facebook is now required to make all content from a deleted account inaccessible 30 days after the user deletes the account, unlike the current situation where some data can still live on.
Facebook has already addressed some of these complaints, Zuckerberg wrote in a blog post following the FTC announcement. The company has made a “bunch of mistakes” around user privacy, and since then has rectified those mistakes, such as cancelling its Verified Apps programme which claimed to verify the security of certain apps, and fixing the problem that gave advertisers access to users’ ID numbers, which resulted in user information being shared with third-parties.
“I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done,” Zuckerberg wrote. Beacon was a programme in which Facebook users’ Internet activities were shared with friends.
Zuckerberg also announced that Facebook will be adding two new executives to oversee privacy. Erin Egan has been named chief privacy officer of policy and Michael Richter, the current lead privacy counsel, has been promoted to chief privacy officer of products.
Overall, Facebook has a “good history of providing transparency and control over who can see your information”, Zuckerberg said. “We have led the Internet in building tools to give people the ability to see and control what they share,” he added.
The new privacy officers were not enough for Jeff Chester, executive director at the Centre for Digital Democracy. “We call on Mark Zuckerberg and the Facebook board of directors to accept responsibility for this breach of conduct. They should resign and be replaced by officials that have strong pro-privacy credentials,” Chester said.
Google agreed to similar audits in March, when it settled FTC charges of falsely representing how it would use personal information as part of now-dead Buzz micro-blogging site.