Traffic Exchange

Nov 29, 2011

Facebook Settlement FTC


Facebook Settlement FTC, Facebook settles FTC complaint over deceptive privacy practices. Facebook has agreed to a settlement of a Federal Trade Commission complaint that said the social network “deceived consumers” by promising to keep their information private, yet still allowing that data to be shared in public.

The Palo Alto company agreed to tighten its privacy programs and submit to an independent audit every two years. The FTC can’t fine the company for past violations, but now every violation of the order carries a fine of $16,000 per day per violation, FTC Chairman Jon Leibowitz said.


“That’s an enormous exposure even to a company like Facebook,” Leibowitz said.

In a blog post aimed at the company’s 800 million members, Facebook CEO Mark Zuckerberg admitted the company made mistakes, but said the FTC settlement “formalizes our commitment to providing you with control over your privacy.”

Facebook was also creating two new positions to oversee privacy.

“Overall, I think we have a good history of providing transparency and control over who can see your information,” Zuckerberg wrote. “That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”

In a press release, the FTC summarized the eight-count complaint for violations that occurred between Oct 2008 and May 2010:

— In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

— Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

— Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

— Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

— Facebook promised users that it would not share their personal information with advertisers. It did.

— Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

— Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Source:sfgate