Protecting privacy: What the Facebook/FTC settlement means for users

I’ve always found it kind of difficult to protect information on Facebook.

Ideally, it wouldn’t be this hard. But with an endless assortment of ways to customize a profile, one can only hope your information reaches only your intended audience. 

A recent settlement between Facebook and the Federal Trade Commission aims to change how user information is handled in the future. 

Palo, Alto, Calif.-based Facebook recently agreed to settle an eight-count FTC complaint in which Facebook allegedly made promises it did not keep, deceiving consumers by telling them they could keep their information on Facebook private and then repeatedly allowed information to be shared and made public.

The settlement now will force Facebook to honor its privacy promises to consumers. 

“The settlement ensures Facebook will have to honor every privacy promise that it makes to consumers, whether the promise is made in a privacy policy, in a blog post, through a trustmark or “seal,” or through a user’s own privacy settings,” said Laura Berger, FTC staff attorney who worked on the case.

The FTC’s complaints include Facebook changing its site so certain information that users may have designated as private – such as their Friends list – was made public in Dec. 2009. Facebook never warned users this change was coming, and it did not seek advance approval from users. 

Also, Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. However, the apps could access nearly all of users’ personal data – data the apps didn’t need, the FTC stated in a release.

Berger said that in addition to prohibiting future deception, the settlement imposes strong requirements to prevent such conduct from occurring.  

“Among other things, Facebook will have to implement a comprehensive privacy program, the requirements of which are set out in detail within the order,” she said. “Further, for the next 20 years, Facebook will have to obtain biennial audits of its privacy practices from a qualified third party.”

Under the proposed settlement Facebook is barred from making misrepresentations about the privacy or security of consumers’ personal information and required to obtain consumers’ express consent before enacting changes that override their privacy preferences. Facebook also is required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account. 

Facebook never actually was accused of breaking any laws and did not face any fines. However, if the company violates future settlement terms, each violation may result in a civil penalty of up to $16,000.

Facebook could not be reached for comment.

Christine Cube is a media relations manager with PR Newswire and freelance writer. You can follow her @cpcube.