The FTC had issued an administrative complaint against Facebook Inc, a private company based in California, as it had reason to believe that the company had breached US law and that an FTC investigation would be in the best interest of the general public.
Specifically, the FTC had charged Facebook with making unfair and deceptive claims in connection with the protection of users’ personal data.
Facebook thus, for example, told its users they could restrict the sharing of data to limited audiences only (e.g. to ‘Friends Only’), when in reality this data could still be used by third-party applications their friends used.
Facebook had also shared the personal data of users with advertisers, though it promised not to, and had stated that third-party applications that users installed would have access only to the information needed for their operation, when in reality the applications could access nearly all of the users’ personal data.
In 2009, when changing its website, Facebook also made public certain information that users had deemed ‘private’ without warning users of this change or obtaining their approval.
Moreover, the FTC found that when Facebook users would deactivate their accounts, their photos and videos could still be accessed, even though Facebook claimed this data would be made inaccessible.
The FTC also challenged Facebook’s claim that it had complied with the US-EU Safe Harbour Framework, a mechanism that allows US companies to transfer data from the EU to the US in line with European law, finding that the company had in fact breached this agreement.
‘Small number of high profile mistakes’
In response to the allegations, Facebook CEO Mark Zuckenberg admitted to making a “small number of high profile mistakes” and expressed Facebook’s commitment to remedy the faults found by the FCC.
Consequently the FCC and Facebook have signed an agreement that bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.
Latest posts by Ursa Primozic (see all)
- Generation Awake: An EU campaign to promote resource efficiency, including electronics - December 17, 2014
- Latest Aphaia white paper: Data protection and privacy in the world of Big Data, an EU perspective - October 5, 2014
- Want to always stay up to date? Become part of Aphaia’s LinkedIn community! - September 9, 2014