Facebook and privacy concerns have been walking hand in hand for years now, and now the social media giant has agreed to tighter controls by the Federal Trade Commission, including regular privacy audits conducted by an independent agency biannually for the next 20 years.
The agreement comes between the FTC and Facebook on the heels of eight separate complaints (PDF) against how Facebook managed, controlled, and distributed user information, including sending personal data to advertisers when a user clicked on an advertisement and sharing such information with application developers without user consent.
Facebook will face no penalties from the FTC at this point, but would have to pay up to $16,000 each for any violation of the current agreement.
Regarding the agreement, Facebook CEO Mark Zuckerberg wrote in a recent blog post that “Facebook has always been committed to being transparent about the information you have stored with us—and we have led the internet in building tools to give people the ability to see and control what they share,” but admits that the company has “made a bunch of mistakes.”
Zuckerberg also announced the creation of two new corporate officer roles (Chief Privacy Officer, Policy and Chief Privacy Officer, Products) “to make sure our commitments will be reflected in what we do internally—in the development of our products and the security of our systems—and externally—in the way we work collaboratively with regulators, government agencies and privacy groups from around the world.”
PC World reports that although privacy groups are generally pleased with the settlement announcement, not all concerns have been addressed. Mark Rotenberg, president of the Electronic Privacy Information Center (EPIC), had asked the FTC to force Facebook to go back to its pre-December 2009 practices, when Rotenberg said the company changed “users’ privacy settings without their consent.” Without requiring that change, Rotenberg insists, Facebook can “continue to use and market and disclose information from users that we believe was improperly obtained.”
Rotenberg also notes that although the settlement seems “very fair,” there is still no comprehensive consensus on how other online companies have to behave concerning private information.
Is it time for nationwide online privacy law? Is the recent FTC/Facebook agreement a good model to follow?