In 2009 Facebook changed its privacy settings without telling users and the FTC brought charges that were resolved this week. The changes made by Facebook resulted in portions of user's accounts becoming public, including their profile picture, birthday, friends list and other personal information.
Though the settlement appears to be nothing more than a slap on Facebook's wrist, it could have far-reaching effects. Going forward, changes to privacy settings must be opt-in. I'm guessing other social networks are making necessary changes in order to avoid a similar conflict with the FTC.
The FTC charged that Facebook's actions were unfair, deceptive and violated federal law. Facebook allegedly told users they could keep information private and then they repeatedly made the information public.
FTC Chairman Jon Leibowitz said,
“Facebook is obligated to keep the promises that it makes to its hundreds of millions of users. Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.”
If you'd like to comment on the settlement you may do so here.
The FTC advises that users must be given clean and prominent notice in advance and when changes occur in the future, Facebook must obtain its users' express consent before any information is shared outside of the privacy setting the user has created.
The FTC complaint lays out seven instances in which it believes Facebook failed to keep promises it made to users. Under the settlement, Facebook is:
- Prohibited from making misrepresentations about the privacy or security of consumers' personal information.
Required to obtain consumers' affirmative express consent before enacting changes that override the users current privacy settings.
Required to prevent anyone from accessing a user's material no more than 30 days after the user has deleted his or her account.
Required to establish and maintain a comprehensive privacy policy designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information.
Required for the next 20 years to obtain third-party audits certifying it has a privacy policy in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
The effects of the settlement will effect other social networks. The message from the FTC to social networks is pretty clear: Don't put the desires of advertisers before the privacy of users. Social networks have gathered personal information of its users and advertisers want to tap into that information. The FTC has now told these social networks it can't monetize this information however it wants.
While that sounds like an earth-shaking message, it’s really just the FTC standardizing the practice of opt-in. Many social networks already know that customers who opt-in are more engaged in the social network and ultimately more valuable to marketers and advertisers than customers who simply don’t opt-out. Studies also show, when given the option, users are likely to share information they’re asked to share, so there’s really no need to deceive users about privacy settings.
This case has been pending for two years. During that time, Mark Zuckerberg tells us Facebook has made efforts to do many of the things required by this settlement. So, don't be looking for any massive changes or big announcements. Now would be a good time for you to have another look at your Facebook privacy settings. Confirm your current opt-in settings and be sure you are comfortable with the information you are sharing.
