Facebook just settled with the Federal Trade Commission over charges alleging Facebook deceived consumers about how much privacy they had on the site.
The FTC said Facebook told its users could keep their information private on the site and then repeatedly allowed it to be shared and made public.
The settlement prevents Facebook from making further deceptive privacy claims and requires the company to get user approval before it changes the way it shares data. Facebook also has to submit to periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.
As part of the settlement, Facebook has to follow these new rules:
- It’s barred from making misrepresentations about the privacy or security of consumers’ personal information.
- Facebook is required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences.
- It’s required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account.
- Facebook is required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information.
- It’s required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
Here’s an excerpt of Zuckerberg’s response to the settlement: Overall, I think we have a good history of providing transparency and control over who can see your information.
That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.
I also understand that many people are just naturally sceptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service. Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It’s important for people to think about this, and not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.
Facebook has always been committed to being transparent about the information you have stored with us – and we have led the internet in building tools to give people the ability to see and control what they share.
But we can also always do better. I’m committed to making Facebook the leader in transparency and control around privacy.