The Federal Trade Commission has proposed a settlement with Facebook over claims that the site violated user privacy when it changed default privacy settings without warning.
a proposed 20-year settlement, Facebook would be required to obtain express
consent from users before sharing material that was posted under earlier terms,
The Wall Street Journal reported.
U.S. Federal Trade Commission has proposed a 20-year settlement with Facebook
over charges that the social networking giant changed default user settings
that resulted in more information being disclosed than was previously public, a
source told The Wall Street Journal on Nov. 10. The source declined to be
identified because the settlement hasn't been finalized.
proposed settlement would require Facebook to get consent to share the pieces
of data if it is different from how the user originally agreed the data could
be used, when it was initially posted. The settlement would not cover new
features or how consent is obtained for those features. It's not clear whether
there will be any monetary damages.
to the WSJ report, if the settlement is approved, Facebook will also be subject
to an annual, independent review of the site's privacy practices. The FTC and
Facebook did not comment.
FTC began investigating Facebook after the Electronic Privacy Information
Center (EPIC), a Washington-based advocacy group, filed a complaint Dec. 17,
2009. The complaint alleged consumers were harmed when Facebook changed its
default privacy settings and requested that the site be required to give users
"meaningful control over personal information." Nine other consumer
advocacy groups, including the American Library Association, Consumer
Federation of America and The Privacy Rights Clearinghouse, signed the
complaint included changes in Facebook settings in November and December 2009
that encouraged users to reveal their names, profile photos, lists of friends,
pages they are fans of, gender, geographic regions and networks to which they
belong. The FTC should compel Facebook to allow users to choose whether to
disclose personal information and to choose whether to fully opt out of
revealing information to third-party developers, according to the EPIC
the time of the change, Facebook founder and CEO Mark Zuckerberg said the
changes were a "simpler model for privacy control."
has long been criticized for its privacy practices, where it changed settings
without warning, and its byzantine maze of privacy controls. It has made some
attempts recently to improve site privacy, such as making privacy controls more
prominent on a user's profile page and letting users directly control just who
can see each post.
the site is also under investigation in the European Union for possible privacy
rule violations over the use of personal data and has clashed with German
isn't the only social networking site with privacy issues, "but it gets
the most attention because it's the largest," Charles Pfleeger, a security
consultant at Pfleeger Consulting, said at a security conference in New York
City Nov. 10.
services and companies are developing tools that allow them to observe user
behavior online and target advertisements and customize user experience. The
FTC has signaled that privacy is a priority and has recently
increased its enforcement of privacy
requirements against online companies.
federal regulatory body has already settled with
this year. Google agreed to a similar settlement to pay $8.5
million into an independent fund and develop a "comprehensive privacy
program" that it will submit to independent review every other year. The
FTC had accused Google of telling Gmail users the information would only be
used for email, but then using it as part of Buzz, its short-lived microblogging
has also agreed to outside audits for 10 years after the FTC charged the site
with "serious lapses" in its data security after hackers broke into
several high-profile accounts.
federal government has also stepped up efforts to hold companies accountable
for the data they are collecting, storing and selling to other companies. There
are more than a dozen privacy bills in Congress this year addressing the
concept of a "do not track" system that would allow Internet users to
opt out of having their browsing activity tracked and a "privacy bill of
rights" to regulate what is being collected.