Today, Facebook agreed to settle Federal Trade Commission (FTC) charges that it deceived customers by failing to uphold privacy promises. The FTC announced today that the social networking site “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers' express consent before their information is shared beyond the privacy settings they have established.”
This settlement with Facebook is an important step, making it clear that companies can't simply change the rules without asking users’ permission. We shouldn’t have to struggle with complicated and constantly shifting privacy settings just to keep control of our own personal information. To keep pace with new technology, we also need new laws and tools like “Do Not Track” and comprehensive privacy legislation to help us safeguard our own personal information.
Facebook has a long history of innovation — but that history includes repeated attempts to rewrite its privacy policies and allow more data to be shared by default or without notice. We’ve spent a lot of time raising awareness of the “app gap” (including submitting comments to the FTC) and how Facebook shares information with third party applications, so we were glad to see that explicitly called out in the FTC’s settlement notice. But other examples abound, from Facebook’s ill-fated Beacon that automatically shared user’s purchases on other Web sites with their Facebook friends to its proposed changes to its Terms of Service that would have allowed it to retain photos and other content even after a user deleted them to its ”privacy transition” that made more information unalterably public. Facebook users have repeatedly been surprised to learn that their information was being shared with other Facebook users, “Instant Personalization” partners, third party app developers, advertisers, and even anyone on the Internet in ways they didn’t expect.
As hard as it is for users to understand one set of privacy controls on Facebook, it’s even harder when those controls keep changing. That’s why we’re happy that the FTC has stepped in and put an end to Facebook’s practice of “begging forgiveness rather than asking permission” when it comes to your personal information. Today’s settlement requires Facebook to obtain a user’s express consent before sharing any information that would not have been shared under the user’s prior privacy settings. That’s definitely a step in the right direction.
We also need more tools from Facebook like its Profile Review and inline privacy controls that help users understand and control how their personal information is being shared. And we need to keep working on updating laws like the antiquated Electronic Communications Privacy Act and passing comprehensive privacy legislation to make it possible for all of us to properly safeguard our personal information.