Wednesday, 30 November 2011 22:33

Facebook vs. Privacy - Facebook loses (for once)


Yesterday, Facebook and the US Federal Trade Commission agreed to settle charges that Facebook deceived consumers by failing to keep the promises they made regarding privacy.

For those wanting to read the gory legalese details, the complaint is here and the proposed agreement here

According to the FTC's announcement of the settlement, there were number of specific complaints:


  • In December 2009, Facebook changed its website so certain information that users may have designated as private - such as their Friends List - was made public. They didn't warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data - data the apps didn't need.
  • Facebook told users they could restrict sharing of data to limited audiences - for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
  • Facebook promised users that it would not share their personal information with advertisers. It did. Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.

None of these was any surprise to those in the media who regularly comment on Facebook's activities and specifically addresses the breach of trust that occurs when an organisation modifies its terms of use after a subscriber agrees to them. 

Read on for feedback and the terms of the agreement.

For instance, well known Internet and media policy lawyer Berin Szoka, writing for the Technology Liberation Front noted, "Today's settlement makes clear that changes to what a company may do with information already collected require informed user consent'”provided the changes are material." 

Szoka continues, "Thus, while Congress struggles to craft 'comprehensive baseline privacy' legislation in the European model, the FTC is using its existing 1938 authority over unfair or deceptive trade practices to build a common law of privacy. This is a process of discovery: what's the right balance between protecting privacy and the consumer benefits of encouraging the development of new services? That process won't be perfect or easy, but it's much more likely to keep up with technological change than legislation or prophylactic regulation would be, and less likely to fall prey to regulatory capture by incumbents as a barrier to competition."

The settlement between Facebook and the FTC prohibits Facebook from making any further deceptive claims regarding the way it handles privacy and requires that consumers' approval is obtained before changes are made in the way their data is shared.

In addition, a periodic assessment of privacy practices to be conducted by independent third-party auditors for the next twenty years.

The agreed settlement terms are on the next page.

Specifically, under the proposed settlement, Facebook is:


  • barred from making misrepresentations about the privacy or security of consumers' personal information;
  • required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
  • required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.

The agreement is subject to public comment for 30 days, after which time the FTC will decide whether to make the settlement final.

In responding to the agreement, Facebook Founder and CEO Mark Zuckerberg wrote a substantial entry on the company's blog.  Amongst other comments, Zuckerberg said, "Overall, I think we have a good history of providing transparency and control over who can see your information." 

Zuckerberg wrote further, "Facebook has always been committed to being transparent about the information you have stored with us - and we have led the internet in building tools to give people the ability to see and control what they share."

Clearly he is talking about a different Facebook to the one we all use.



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.




Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.


Webinars & Events