The Federal Trade Commission and Facebook have reached a settlement on charges that Facebook deceived consumers "by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public."
The settlement will require that Facebook must:
- Not make misrepresentations about the privacy or security of consumers' personal information.
The FTC alleged that Facebook:
- Changed its website so certain information that users may have designated as private -- such as their Friends List -- was made public. They didn't warn users that this change was coming, or get their approval in advance.
In its 19-page complaint, the FTC pointed to numerous examples of Facebook's claims that it never shares user data with advertisers. Yet, according to the federal agency, "Facebook has shared information about users with Platform Advertisers by identifying to them the users who clicked on their ads and to whom those ads were targeted."
In its press release about the settlement, the FTC noted "The complaint is not a finding or ruling that the respondent has actually violated the law. A consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated."
In a blog post, Facebook CEO Mark Zuckerberg didn't respond directly to the FTC's allegations, but admitted that "we've made a bunch of mistakes," and said that he has appointed two privacy officers to "further strengthen the processes that ensure that privacy control is built into our products and policies." Zuckerberg also pointed out that the settlement with the FTC has conditions that similar to those established between the FTC and both Google and Twitter.
In an interview, Facebook's spokesperson Barry Schnitt pointed out that some of the charges leveled by the FTC were incidents that were rare and inconsequential. "It is our policy and our intent not to share personal information with advertisers," he said. When it happened it was a result of what's called a 'referer,' that passes on the URL of the the page a user is on when they click on a link. That passes on a user ID which, in theory, could be used by an advertiser to look up the name of the person. But, said Schnitt, "They would have to go to the Web log and figure it out and then they would see public info from the user. And we fixed it a year and a half ago on our own." He said there is no evidence that any advertisers actually went and did this."
What this should mean to consumers:
In theory, what this should mean to consumers is that they can rely on information about privacy from Facebook as being accurate and complete. It should also mean that the information will be presented clearly and in language that the average person can easily understand.
Facebook must also be very clear about information shared with third parties, including app developers and advertisers.
It further means that whatever privacy protections are in place when you sign up for Facebook will remain in place unless you specifically agree to accept the changes.
What I'm hoping this means is that Facebook can do this without further complicating its privacy policies or settings.
Users still have to be vigilant
Even assuming Facebook keeps its promises to the FTC, users will still have to be vigilant about what they post on Facebook and what they agree to share with other users and third parties, including advertisers and the thousands of Facebook app developers. This includes learning about Facebook's default privacy settings, knowing how to change those settings if necessary and understanding it new simplified "inline privacy" tool that allows users to select the audience each time they post content. It also requires that users understand how third party apps work and what information Facebook passes on to those app developers.
Hopefully, Facebook will clarify its privacy policies and settings and better enforce them with third parties, but even if it does, there remains a strong possibility that information you share with third parties could be used to deliver targeted ads or be shared with others or that some of Facebook's developers or partners could misuse your information.
And, as with any digital information, what's posted online can always be copied and pasted so, regardless of what privacy settings are in place, never post anything that could get you into trouble or embarrass you now or in the future.
Anne Collier's NetFamilyNews post, Facebook's agreement with the FTC: What it means for users.
CNET News: Facebook privacy practices get FTC Shakeup.
Disclosure: Larry Magid is co-director of ConnectSafely.org which receives financial support from Facebook.