Facebook Privacy: Is The FTC Going Too Far or Not Far Enough?By: Chris Crum - November 30, 2011
As you may know, Facebook settled privacy charges with the FTC this week. Under the agreement, Facebook is barred from making misrepresentations about the privacy or security of consumers’ personal data, required to obtain user consent before making privacy changes, required to prevent others from accessing a user’s material no more than 30 days after the use has deleted their account, required to maintain a privacy program to address privacy risks associated with the development and management of new and existing products, and required to be audited every 2 years for 20 years to make sure they’re living up to all of this.
Do you think the government has gone too far or not far enough? Let us know in the comments.
It’s that part about the development and management of new and existing products that has led to some questioning just how much government intervention is actually going to affect Facebook going forward.
He goes on to make the case that the whole thing could have huge implications for Facebook’s internal processes, particularly with the lawyers the company has appointed to the positions of Chief Privacy Officer, Policy and Chief Privacy Officer, Products.
Facebook CEO Mark Zuckerberg discussed them in a massive blog post response to the FTC’s announcement:
Erin Egan will become Chief Privacy Officer, Policy. Erin recently joined Facebook after serving as a partner and co-chair of the global privacy and data security practice of Covington & Burling, the respected international law firm. Throughout her career, Erin has been deeply involved in legislative and regulatory efforts to address privacy, data security, spam, spyware and other consumer protection issues. Erin will lead our engagement in the global public discourse and debate about online privacy and ensure that feedback from regulators, legislators, experts and academics from around the world is incorporated into Facebook’s practices and policies.
Michael Richter will become Chief Privacy Officer, Products. Michael is currently Facebook’s Chief Privacy Counsel on our legal team. In his new role, Michael will join our product organization to expand, improve and formalize our existing program of internal privacy review. He and his team will work to ensure that our principles of user control, privacy by design and transparency are integrated consistently into both Facebook’s product development process and our products themselves.
These two positions will further strengthen the processes that ensure that privacy control is built into our products and policies.
It’s that last sentence which lies at the root of Ulanoff’s point. This could have tremendous effects on Facebook’s ability to get out new products, at least in the manner in which they were intended.
It’s certainly a good thing for Facebook to protect the privacy of users as they intended, but as Zuckerberg pointed out, they’ve released tons of tools and resources for giving users more control.
“Overall, I think we have a good history of providing transparency and control over who can see your information,” he said. “That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”
He also reminded us of a number of specific things Facebook has done in the past 18 months to give users more control:
- • An easier way to select your audience when making a new post• Inline privacy controls on all your existing posts
• The ability to review tags made by others before they appear on your profile
• Friend lists that are easier to create and that maintain themselves automatically
• A new groups product for sharing with smaller sets of people
• A tool to view your profile as someone else would see it
• Tools to ensure your information stays secure like double login approval
• Mobile versions of your privacy controls
• An easy way to download all your Facebook data
• A new apps dashboard to control what your apps can access
• A new app permission dialog that gives you clear control over what an app can do anytime you add one
• Many more privacy education resources
“In my opinion, the FTC agreement is not only bad for Facebook, but bad for its users too,” says iEntry CEO and WebProNews publisher Rich Ord. “Government regulation of the largest social network on the planet cannot be good.”
Still, others feel that the government did not go far enough. The Electronic Privacy Information Center (or EPIC), which is credited as an organization that brought the Facebook issues to the FTC’s attention, would have rather they “restore users’ privacy settings to pre-2009 levels.”
The FTC’s complaint lists a handful of instances in which it says “Facebook allegedly made promises it did not keep”:
In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
Facebook promised users that it would not share their personal information with advertisers. It did.
Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.
Do you think the government has done enough for Facebook privacy, or has it gone too far? Tell us what you think.