Facebook and the US Federal Trade Commission announced their formal privacy settlement today. Facebook and the federal agency each put their spin on it, with Facebook saying it was very similar to “agreements” previously reached with Google and Twitter:
Recently, the US Federal Trade Commission established agreements with Google and Twitter that are helping to shape new privacy standards for our industry. Today, the FTC announced a similar agreement with Facebook. These agreements create a framework for how companies should approach privacy in the United States and around the world.
For Facebook, this means we’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it
For its part the FTC characterized Facebook’s privacy transgressions as “deception” and not just a “a small number of high profile mistakes,” as Mark Zuckerberg described the complaints that lead to the investigation in the first place. The FTC laid out the charges and the remedy (20 years of privacy audits):
The proposed settlement bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.
Mark Zuckerberg’s post sounds a note of humility and contrition. I believe he’s sincere and that the company is more sensitive to users’ privacy concerns today than it was in the past, when it took a “beg for forgiveness” approach. Whether or not the culture of Facebook convinced its executive team that privacy was dead there was a kind of arrogance that characterized Facebook’s attitude and behavior in the past.
I think that has genuinely changed. But the FTC settlement is also a reminder that privacy is alive and well. It’s also concrete proof that there are consequences for being cavalier about privacy.
This is even more true in Europe, where governments and regulators take privacy 10x more seriously that we do in the US. There are several investigations pending in Europe; and proposed legislation to be introduced early next year by the European Commission would place disclosure requirements and other constraints around Facebook’s ad targeting capabilities.
This new scrutiny comes only months ahead of Facebook’s expected Q2 2012 $10 billion IPO. After Facebook becomes a public company it will face new pressure to monetize traffic and page views. It will likely need to place ads in its mobile apps and may even be compelled to get more directly into SEM in order to show the kind of revenue growth that investors will demand.
Given that its business is currently built on the “sale” of personal profile information, these investigations and initiatives likely mean that Facebook will have to walk a delicate line between more aggressive monetization and privacy protection as it navigates the unforgiving waters of being a public company.