Yesterday, Facebook and the US Federal Trade Commission agreed to settle charges that Facebook deceived consumers by failing to keep the promises they made regarding privacy.
For those wanting to read the gory legalese details, the complaint is here and the proposed agreement here.
According to the FTC's announcement of the settlement, there were number of specific complaints:
In December 2009, Facebook changed its website so certain information that users may have designated as private - such as their Friends List - was made public. They didn't warn users that this change was coming, or get their approval in advance.
Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data - data the apps didn't need.
Facebook told users they could restrict sharing of data to limited audiences - for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
Facebook promised users that it would not share their personal information with advertisers. It did. Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.
Read on for feedback and the terms of the agreement.
David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.