The Federal Trade Commission this morning announced a proposed settlement with Facebook to resolve a series of charges over its privacy practices, simultaneously made public in an eight-count FTC complaint.
Laying down the law on the world’s largest social network, the commission says in a news release that Facebook “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”
These types of complaints aren’t new, but the escalation to the realm of federal regulators is significant. Mark Zuckerberg, Facebook’s CEO, addresses the charges in a blog post.
“Overall, I think we have a good history of providing transparency and control over who can see your information,” he writes. “That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”
The proposed settlement will be open to public comment prior to final approval. Here are the primary components of the deal, as outlined by the FTC this morning.
Specifically, under the proposed settlement, Facebook is:
- barred from making misrepresentations about the privacy or security of consumers’ personal information;
- required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
Here’s the full FTC case file.
In his blog post, Zuckerberg says Facebook had already addressed many of the FTC’s concerns prior to the settlement. He also announced the creation of two privacy-related executive positions inside the company, one overseeing policy and another products.