Loading ...
Sorry, an error occurred while loading the content.

Facebook settles privacy issues according to FTC press release

Expand Messages
  • suesarkis@aol.com
    Sent on behalf of peter@ewiassociates.com The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived
    Message 1 of 1 , Dec 6, 2011
      Sent on behalf of peter@...

      The social networking service Facebook has agreed to settle Federal Trade
      Commission charges that it deceived consumers by telling them they could
      keep their information on Facebook private, and then repeatedly allowing it
      to be shared and made public. The proposed _settlement_
      SvQ2PFzrGUUH8KT+CEBow3RJ) requires _Facebook_
      +frQjrgY9Z5Y4DGj11) to take several steps to make sure it lives up to its
      promises in the future, including giving consumers clear and prominent
      notice and obtaining consumers' express consent before their information is
      shared beyond the privacy settings they have established.

      The FTC's eight-count _complaint_
      Gj11) against Facebook is part of the agency's ongoing effort to make
      sure companies live up to the privacy promises they make to American
      consumers. It charges that the claims that Facebook made were unfair and deceptive,
      and violated federal law.

      "Facebook is obligated to keep the promises about privacy that it makes to
      its hundreds of millions of users," said Jon Leibowitz, Chairman of the

      "Facebook's innovation does not have to come at the expense of consumer
      privacy. The FTC action will ensure it will not."

      The FTC complaint lists a number of instances in which Facebook allegedly
      made promises that it did not keep:
      * In December 2009, Facebook changed its website so certain
      information that users may have designated as private – such as their Friends List –
      was made public. They didn't warn users that this change was coming, or
      get their approval in advance.
      * Facebook represented that third-party apps that users' installed
      would have access only to user information that they needed to operate. In
      fact, the apps could access nearly all of users' personal data – data the
      apps didn't need.
      * Facebook told users they could restrict sharing of data to limited
      audiences – for example with "Friends Only." In fact, selecting "Friends
      Only" did not prevent their information from being shared with third-party
      applications their friends used.
      * Facebook had a "Verified Apps" program & claimed it certified the
      security of participating apps. It didn't.
      * Facebook promised users that it would not share their personal
      information with advertisers. It did.
      * Facebook claimed that when users deactivated or deleted their
      accounts, their photos and videos would be inaccessible. But Facebook allowed
      access to the content, even after users had deactivated or deleted their
      * Facebook claimed that it complied with the U.S.- EU Safe Harbor
      Framework that governs data transfer between the U.S. and the European Union.
      It didn't.
      The proposed settlement bars Facebook from making any further deceptive
      privacy claims, requires that the company get consumers' approval before it
      changes the way it shares their data, and requires that it obtain periodic
      assessments of its privacy practices by independent, third-party auditors
      for the next 20 years.

      Specifically, under the proposed settlement, Facebook is:

      * barred from making misrepresentations about the privacy or
      security of consumers' personal information;
      * required to obtain consumers' affirmative express consent before
      enacting changes that override their privacy preferences;
      * required to prevent anyone from accessing a user's material no
      more than 30 days after the user has deleted his or her account;
      * required to establish and maintain a comprehensive privacy program
      designed to address privacy risks associated with the development and
      management of new and existing products and services, and to protect the
      privacy and confidentiality of consumers' information; and
      * required, within 180 days, and every two years after that for the
      next 20 years, to obtain independent, third-party audits certifying that it
      has a privacy program in place that meets or exceeds the requirements of
      the FTC order, and to ensure that the privacy of consumers' information is
      The proposed order also contains standard record-keeping provisions to
      allow the FTC to monitor compliance with its order.
      Facebook's privacy practices were the subject of complaints filed with the
      FTC by the Electronic Privacy Information Center and a coalition of
      consumer groups.

      The Commission vote to accept the consent agreement package containing the
      proposed consent order for public comment was 4-0. The FTC will publish a
      description of the consent agreement package in the Federal Register
      shortly. The agreement will be subject to public comment for 30 days, beginning
      today and continuing through December 30, 2011 after which the Commission
      will decide whether to make the proposed consent order final.

      Bruce Hulme
      ISPLA Director of Government Affairs

      Investigative and Security Industry Resource to the Profession,
      Government, and the Media

      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.