FTC to Facebook: Don’t Screw with User Privacy After WhatsApp Acquisition
Today, Facebook Chief Privacy Officer Erin Egan and WhatsApp General Counsel Anne Hoge received a diplomatic, but pointed letter from Jessica Rich, the Federal Trade Commussion’s Bureau of Consumer Protection head.
And the TL;DR version is this: don’t screw with user privacy when this acquisition goes through (and if you do, you have to let them know and make it opt-in).
“WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties–promises that exceed the protections currently promised to Facebook users. We want to make clear that regardless of the acquisition, WhatsApp must continue to honor these promises to consumers. Further, if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC’s order against Facebook,” said Rich.
What the FTC is referencing with that last bit is a 2011 settlement with Facebook, after the commission charged the social network with deceiving consumers by failing to keep privacy promises.
The FTC listed more that a half-dozen individual instances where Facebook dropped the ball on privacy promises, and in the end ruled that Facebook be required to give users “clear and prominent” notice get permission before data is shared beyond the privacy settings that have already been established.
Facebook also agreed to biannual independent audits of its privacy practices for the next two decades. Mark Zuckerberg’s company dodged a fine.
Of course, Facebook and WhatsApp have already promised users that nothing is going to change with the acquisition.
“Here’s what will change for you, our users: nothing…And you can still count on absolutely no ads interrupting your communication. There would have been no partnership between our two companies if we had to compromise on the core principles that will always define our company, our vision and our product,” they said at the time of the announcement.
Just last month, in an attempt to further assuage the WhatsApp user base, CEO Jan Koum promised that the service will still protect their privacy, even with Facebook as overlords.
“Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don’t have to give us your name and we don’t ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that,” he said.
Rich warns Facebook that any shifts in policy must be telegraphed, or else the company could be in violation of their 2011 settlement.
“Before changing WhatsApp’s privacy practices in connection with, or following, any acquisition, you must take steps to ensure that you are not in violation of the law or the FTC’s order. First, if you choose to use data collected by WhatsApp in a manner that is materially inconsistent with the promises WhatsApp made at the time of collection, you must obtain consumers’ affirmative consent before doing so. Second, you must not misrepresent in any manner the extent to which you maintain, or plan to maintain, the privacy or security of WhatsApp user data,” she says in the letter.
The FTC’s skepticism likely mirrors that of many a WhatsApp user.
Image via Wikimedia Commons