Facebook's privacy record has been shaky at best. But that's about to change, thanks to today's settlement with the US Federal Trade Commission. From now on, all privacy changes have to be opt-in for users, instead of Facebook changing them for you. About time.
Facebook CEO Mark Zuckerberg and the FTC have both issued statements about the settlement, which forces the social network giant to make significant changes to how it deals with the privacy of its users. The biggest change is that Facebook must give consumers "clear and prominent notice" and obtain "consumers' express consent before their information is shared beyond the privacy settings they have established". This is a direct result of Facebook's 2009 privacy change, which caused certain information that was supposed to be private to be made public. Apparently, the word "private" meant "private until we make a few changes and make sure the whole world sees your vacation photos" to Facebook.
The FTC also singled out Facebook's Verified App program, since it didn't actually verify the security of the apps it verified. Facebook also shared personal user information with advertisers after it promised that it would not share that information. And on and on; seriously, Facebook has been playing fast and loose with your personal information, and the changes the FTC is enforcing are past due.
Here are the changes Facebook must make:
The proposed settlement bars Facebook from making any further deceptive privacy claims, requires that the company get consumers' approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.
Specifically, under the proposed settlement, Facebook is:
- barred from making misrepresentations about the privacy or security of consumers' personal information;
- required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user's material no more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
To help achieve the goals put forth by the settlement, Facebook has created two new Chief Privacy Officers, Erin Egan and Michael Richter. Zuck says he looks forward to working with the commission to implement the changes. Yeah, we look forward to it too, buddy. [Facebook, FTC via TechCrunch]