The Federal Trade Commission and Facebook have come to terms on consumer privacy, an issue the FTC formally raised in an eight-count complaint earlier this year. Both sides have announced the pact in their own particular way.
On Facebook’s blog, CEO Mark Zuckerberg strikes a diplomatic tone with a dash of mea culpa.
“Overall, I think we have a good history of providing transparency and control over who can see your information,” he writes. “That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes…have often overshadowed much of the good work we’ve done.”
Over at the FTC website, FTC Chair Jon Leibowitz and his press team are a bit more, well, strident. In reviewing the original complaint, the FTC nearly crows:
“The social networking service Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”
The release goes on to categorize the issues at hand in a pretty prosecutorial fashion:
“The FTC complaint lists a number of instances in which Facebook allegedly made promises that it did not keep:
- In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
- Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.
The proposed settlement bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.”
Zuckerberg makes the point that Facebook hasn’t exactly been sitting on its hands when it comes to these issues.
“For Facebook, this means we’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it….In the last 18 months alone, we’ve announced more than 20 new tools and resources designed to give you more control over your Facebook experience….
…privacy is so deeply embedded in all of the development we do that every day tens of thousands of servers worth of computational resources are consumed checking to make sure that on any webpage we serve, that you have access to see each of the sometimes hundreds or even thousands of individual pieces of information that come together to form a Facebook page. This includes everything from every post on a page to every tag in those posts to every mutual friend shown when you hover over a person’s name. We do privacy access checks literally tens of billions of times each day to ensure we’re enforcing that only the people you want see your content. These privacy principles are written very deeply into our code.”
I think this kind of back and forth between the institutions we entrust with our data – like Facebook – and those we entrust to oversee the common good – our government – is healthy and good for society. The bigger question, to my mind, is what kind of culture we are becoming as we decide to share all this information, regardless of whether we truly understand or even consider the implications of doing so.
The settlement will enter a period of public comment for the next month, then, presumably, it will be finalized.
A copy of the settlement can be found here.