The FTC complaint against Facebook – available at http://www.ftc.gov/os/caselist/0923184/111129facebookcmpt.pdf – listed a number of instances in which Facebook allegedly made promises that it did not keep:
- Facebook changed its website in December 2009 without warning users or getting their approval in advance so information some users designated as private – such as their Friends List – was made public.
- Facebook represented that third-party applications (“apps”) installed by users would only have access to user information they needed to operate when, in fact, the apps could access nearly all of the personal data of users.
- Facebook told users they could restrict sharing of data to limited audiences such as “Friends Only” when, in fact, selecting “Friends Only” did not prevent information from being shared with third-party apps used by friends.
- Facebook claimed its “Verified Apps” program certified the security of participating apps when it did not.
- Facebook promised users that it would not share their personal information with advertisers but it did.
- Facebook claimed that photos and videos of users who deactivated or deleted their accounts would be inaccessible but they remained accessible.
- Facebook claimed it complied with the United States – European Union (EU) Safe Harbor Framework that governs data transfer between the U.S. and EU but it did not.
- Barred from making misrepresentations about the privacy or security of the personal information of consumers;
- Required to prevent anyone from accessing a user’s material more than thirty (30) days after the user has deleted his or her account;
- Required to establish and maintain a comprehensive privacy program designed to address privacy risks and to protect the privacy and confidentiality of consumers’ information; and
- Required to obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years to ensure that the privacy of consumers’ information is protected.
In a November 29, 2011 post on The Facebook Blog, Facebook’s founder and CEO Mark Zuckerberg wrote that while overall the company had “a good history of providing transparency and control over who can see your information” he admitted that “a small number of high profile mistakes” such as “poor execution as we transitioned our privacy model two years ago” may have overshadowed much of the social network’s good work. He also wrote in depth about the issues concerning the privacy of personal information online:
I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service. Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It’s important for people to think about this, and not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.
Facebook has always been committed to being transparent about the information you have stored with us – and we have led the internet in building tools to give people the ability to see and control what they share.
But we can also always do better. I’m committed to making Facebook the leader in transparency and control around privacy.
As we have grown, we have tried our best to listen closely to the people who use Facebook. We also work with regulators, advocates and experts to inform our privacy practices and policies. Recently, the US Federal Trade Commission established agreements with Google and Twitter that are helping to shape new privacy standards for our industry. Today, the FTC announced a similar agreement with Facebook. These agreements create a framework for how companies should approach privacy in the United States and around the world.
Later on in his post, Zuckerberg addressed specific FTC charges relating to Facebook:
Even before the agreement announced by the FTC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009. The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010.
In addition to these product changes, the FTC also recommended improvements to our internal processes. We’ve embraced these ideas, too, by agreeing to improve and formalize the way we do privacy review as part of our ongoing product development process. As part of this, we will establish a biannual independent audit of our privacy practices to ensure we’re living up to the commitments we make.
Regarding the settlement with the FTC, Zuckerberg wrote that he looked forward “to working with the Commission as we implement this agreement” which he hoped would make clear that “Facebook is the leader when it comes to offering people control over the information they share online.” The post is available at https://blog.facebook.com/blog.php?post=10150378701937131.
No comments:
Post a Comment