Now It’s Facebook’s Turn For 20 Years Of FTC Privacy Audits

According to the New York Times and Wall Street Journal the world’s largest social network is nearing a settlement with the US Federal Trade Commission (FTC) that will subject the company to 20 years of “privacy audits.” A nearly identical punishment was imposed earlier this year on Google over “deceptive privacy practices in Google’s rollout of its Buzz social network.”

The complaint against Facebook stems from sweeping changes to privacy settings in 2009. Several privacy advocacy groups including EPIC complained to the FTC about Facebook’s actions, which made much of users’ profile data public by default. Those original complaints have culminated in the the pending settlement.

According to the Wall Street Journal:

The settlement stems from changes Facebook made to its privacy settings in December 2009 to make aspects of users’ profiles—such as name, picture, city, gender, and friends list—public by default. At the time, Facebook founder Mark Zuckerberg described the changes as a “simpler model for privacy control.”

Users complained and several privacy advocates, led by the Electronic Privacy Information Center, filed a complaint with the FTC, alleging the changes were unfair and deceptive.

In addition to the privacy audits, according to the New York Times, Facebook would also be prevented from subsequently making public any information that was shared privately, without explicit consent from users.

Facebook has had a relatively cavalier attitude toward privacy in the past. CEO Mark Zuckerberg was famously quoted in January 2010 saying that privacy was “no longer a social norm.” His remarks were widely reported and taken somewhat out of context. However, Zuckerberg’s views on privacy appear to have evolved and he now more readily acknowledges the importance of privacy rather than dismissing it.

Indeed the site has recently taken greater steps to make privacy controls simpler and more obvious — such as implementing in-line privacy tools that offer sharing control over individual pieces of content. And in their recent Charlie Rose interview, Zuckerberg and Facebook COO Sheryl Sandberg spoke extensively about privacy.

Assuming the FTC settlement happens it won’t end Facebook’s privacy problems with the feds, however. EPIC and the ACLU have asked the FTC to investigate Facebook’s new “frictionless sharing” capability and Congressional Representatives Ed Markey (D-Mass.) and Joe Barton (R-Tex.) are asking the FTC to look into Facebook’s use of cookies and tracking of users logged out of the site (which Facebook has said it “fixed.”)

In Europe, which has much stricter privacy rules than the US, Facebook faces a potentially very broad privacy inquiry from the European Commission. Ireland has also separately initiated its own inquiry into alleged Facebook “shadow profiles” of non-users. On the Continent, Germany declared Facebook’s iconic Like buttons illegal forcing their removal from the German internet.

In some sense these privacy investigations signal that Facebook has “arrived” and reflect new and more intense government scrutiny that the 800 million-member network will face going forward. We may thus be at the beginning of what could become a long saga, much in the same way that Google has endured myriad privacy investigations over the past several years, and continues to face them.

Related Entries

• Facebook “Frictionless Sharing” Creating Friction With Privacy Advocates, Regulators
• Facebook’s Zuckerberg To Charlie Rose: “We Just Do One Thing”
• New Facebook Sharing Controls Undermine Google+ Privacy Advantage
• Twenty Year FTC “Privacy Audit” Intended To Punish, Make Example Of Google
• Facebook’s ‘Like’ Button Declared Illegal In Germany