After changes to the site in 2009 led to what the federal government saw as a failure to keep consumer data out of third party applications’ hands, an investigation began. Facebook has now reached an agreement with the FTC regarding privacy concerns. As part of that agreement, Facebook will overhaul its privacy practices.
“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” FTC Chairman John Leibowitz wrote in a statement. “Facebook’s innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.”
It mostly boils down to user notification and some more explicit language, but here is where the changes primarily lie:
- Facebook must acquire consumer approval before it changes sharing policies–meaning you have to opt in to the updates.
- Third party auditors will assess these practices for the next 20 years. The first audit is due within 180 days. Facebook must also keep records for the FTC to monitor.
- The site must gain “consumers’ affirmative express consent” before overriding current privacy preferences.
- Facebook is not allowed to give anyone access to a user’s data 30 days after he or she has deleted an account.
- A program must be established and maintained that investigates and addresses privacy risks that come with new developments to the site.
Facebook has responded to the FTC statement in a blog post from CEO Mark Zuckerberg. On cue, he starts by reiterating Facebook’s mission to connect the world: “This idea has been at the core of Facebook since day one,” he says. “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”
Zuckerberg says the company’s success outweighs its missteps, and reviews its attempts to focus on privacy. And he just can’t help pointing out a few things the FTC had wrong:
“Even before the agreement announced by the FTYC today, Facebook had already proactively addressed many of the concerns the FTC raised. For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009. The same complaint also mentions causes where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010.”
Nonetheless, Facebook will create new roles showing its commitment to privacy. Erin Egan is the company’s new chief privacy officer for policy and Michael Richter for products.
So it seems that for the moment, Facebook and the FTC have found common ground, but it’s coming at Facebook’s expense: the company sits on a viable treasure trove of consumer data that marketers are itching to get their hands on. The new Open Graph tools are supposed to leave the doors wide open for marketing and advertising types, but the new conditions from the FTC agreement could limit the possibilities.