Tech

Settlement bars Facebook from making ‘further deceptive privacy claims’

Josh Peterson Tech Editor

The Federal Trade Commission and Facebook announced an agreement Tuesday that would bar the social network from making “further deceptive privacy claims” about how it handles user data.

The social network, sentenced to a 20-year audit, is now required by the FTC to seek the permission of its users before “enacting changes that override their privacy preferences.”

Facebook users have often complained about the company’s privacy practices, sensing that the social network’s executives often ask for forgiveness than permission from its users. Recent Facebook changes have left some users complaining about feeling vulnerable and exposed with respect to information they want kept private.

This is not Facebook’s first run-in with the law. The settlement was the result of a two-year investigation into Facebook’s privacy practices, the flames fanned by an eight-count complaint from the Electronic Privacy Information Center and a coalition of consumer organizations.

The agreement mirrors the FTC’s settlement with Google  in March over how Google handled private user data in Buzz, its own social network experiment. In the now-defunct Google Buzz, Gmail user contact lists were made public through a system modeled after Twitter’s “Followers” and “Following” lists.

The Google Buzz precedent and today’s settlement with Facebook are the only two of their kind in the FTC’s history.

California Republican Rep. Mary Bono Mack,  who chairs the House Subcommittee on Commerce, Manufacturing and Trade, told The Daily Caller that today’s announcement “is a step forward in giving American consumers a greater say in how their data and personal information is shared.”

“But in many ways,” she added, “this settlement clearly demonstrates that the privacy debate in Washington remains unresolved.”

Multiple competing data-breach bills dealing with data privacy and security are making their way through both chambers of Congress. Bono Mack introduced two such pieces of legislation this summer. Massachusetts Democratic Sen. John Kerry and Arizona Republican Sen. John McCain co-sponsored their own legislation called the Commercial Privacy Bill of Rights.

Berin Szoka, founder and president of TechFreedom, a DC-based market oriented tech policy think tank, said in a statement Tuesday that in its settlement with Facebook, the FTC was drawing on its existing authority — which dates back to 1938 — over “unfair or deceptive trade practices to build a common law of privacy.”

“That process won’t be perfect or easy, but it’s much more likely to keep up with technological change than legislation or prophylactic regulation would be, and less likely to fall prey to regulatory capture by incumbents as a barrier to competition,” said Szoka.

Mark Zuckerberg, Facebook founder and CEO, wrote on The Facebook Blog that his company’s privacy efforts came both before the FTC’s investigation and in response to it. “I founded Facebook on the idea that people want to share and connect with people in their lives,” Zuckerberg said, “but to do this everyone needs complete control over who they share with at all times.”

“I’m the first to admit that we’ve made a bunch of mistakes,” Zuckerberg added. “In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”

Zuckerberg, crowned Time Magazine’s Person of the Year in 2010, explained that certain complaints included in the FTC investigation dated back to 2009, and that he considered them already remedied. He also announced the creation of two new security and privacy positions at Facebook, effective Tuesday, to “further strengthen the processes that ensure that privacy control is built into our products and policies.”

In 2010 The Wall Street Journal reported a series of privacy breaches at Facebook in which user information was leaked to third-party applications, affecting “tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.”

Democratic Massachusetts Rep. Edward Markey and Texas Republica Rep. Joe Barton, co-chairs of the House Bi-Partisan Privacy Caucus, wrote to Zuckerberg in October 2010 about the Wall Street Journal report. Markey and Barton also wrote to Facebook in February 2011 and May 2011 about separate instances in which the social network sought to make certain user data available to third-party applications developers, websites, analytics firms and advertisers.

“Social networking is about connecting with friends, family members and customers,” said Barton. “There is a level of trust involved that should not be violated.”

Government concerns over consumer data privacy are not only originating in the United States; the European Commission has also threatened to hit Facebook with sanctions over how it shares user data with advertisers.

In addition to its data privacy concerns, Facebook was rocked two weeks ago by a cyber attack that spammed users’ news feeds with disturbing images of hardcore pornography and animal violence. The event brought child safety advocates to consider whether Facebook was an appropriate place for children.

Rep. Bono Mack, who oversaw a series of hearings to assess the damage done by data breaches at Sony and other companies, also requested a briefing from Facebook about the spam attack.

Facebook has been engaged in a year-long rollout of new user safety and privacy tools, and sponsoring talks to educate users about how to use the new features.

Follow Josh on Twitter