Advisory: Facebook Enters Settlement with FTC Over Deceptive Privacy Practices
On November 29, 2011, Facebook, Inc. (“Facebook”) agreed to settle charges before the Federal Trade Commission (“FTC”) of deceptive privacy practices.
Other counts in the complaint arise from alleged misrepresentations, including that:
- Users could restrict access to certain user information, including birthday, hometown, education, and employment;
- Facebook would not share users’ personal information with advertisers;
- Facebook reviewed the security of applications for its “Verified Apps” program;
- Third-party apps would have access to only the information needed to operate;
- Users’ information, including photos and videos, would be inaccessible after users deactivated or deleted their accounts; and
- Facebook was in compliance with the U.S.-EU Safe Harbor framework.
According to the settlement, these statements were false.
The proposed consent order requires Facebook to (1) refrain from making any further misleading or deceptive representations regarding users’ privacy; (2) obtain express user consent before overriding users’ privacy preferences or otherwise changing the way it uses user information; and (3) submit to regular privacy audits by an independent third party every two years for the next 20 years.
The proposed settlement is substantially similar to the settlement earlier this year between the FTC and Google. Most significantly, the FTC again requires implementation of a comprehensive privacy program with ongoing audit requirements. The FTC described those conditions in relation to the Google settlement as “good business practices” the FTC would “expect to see widely followed across the industry.” The proposed consent decree with Facebook suggests the FTC will continue imposing such practices in future settlements involving privacy issues. Several members of Congress, including Sens. Jay Rockefeller (D-W.Va.) and John Kerry (D-Mass.), and Reps. Ed Markey (D-Mass.), Joe Barton (R-Texas), and Anna Eshoo (D-Calif.), have issued approving statements regarding the FTC’s settlement.
The consent order is open for comments from the public until December 30, 2011.
For more information regarding the consent order, or Wiltshire & Grannis’ privacy practice, please contact John Nakahata, Brita Strandberg, Paul Margie, Rob Carter, Madeleine Findley or Kristine Devine.