Facebook changes privacy policies to settle U.S. charges
Social network must follow new rules to protect users' private data
Facebook is settling with the U.S. Federal Trade Commission over charges it deceived consumers with its privacy settings to get people to share more personal information than they originally agreed to.
The FTC had charged that the social network told people they could keep the information they share private, then allowed it to be made public.
The charges go back to at least 2009, when Facebook changed its privacy settings so that information users may have deemed private, such as their list of friends, suddenly became viewable to everyone.
Under the proposed settlement with the FTC, Facebook must:
- Not make misrepresentations about the privacy or security of consumers' personal information.
- Obtain consumers' affirmative express consent before enacting changes that override their privacy preferences.
- Prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account.
- Establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information.
- Within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
"They didn't warn users that this change was coming, or get their approval in advance," the FTC said.
The FTC said the settlement requires Facebook to get people's approval before changing how it shares their data.
In a blog post, Facebook CEO Mark Zuckerberg said the company has made a "bunch of mistakes." But he adds that this has often overshadowed the good work Facebook has done. He says Facebook has addressed many of the FTC's concerns already.
The settlement is similar to one Google agreed to earlier this year over its Buzz social networking service. Like Google, Facebook has agreed to obtain assessments of its privacy practices by independent, third-party auditors for the next 20 years.
Facebook isn't paying anything to settle the case, though future violations could lead to civil fines.
Zuckerberg said Facebook has created two new executive positions — a chief privacy officer of products and a chief privacy officer of policy as part of its response to the settlement.