The USA Federal Trade Commission (FTC), an independent agency of the United States government charged with consumer protection, has forced Facebook to overhaul its privacy practices, as the privacy policy in place was found to be ‘deceptive’.
The FTC had issued an administrative complaint against Facebook Inc, a private company based in California, as it had reason to believe that the company had breached US law and that an FTC investigation would be in the best interest of the general public.
Specifically, the FTC had charged Facebook with making unfair and deceptive claims in connection with the protection of users’ personal data.
Violating its own privacy policy and international agreements
The FTC found that Facebook had violated its own privacy policy on several occasions, making promises in connection with user privacy that it did not keep.
Facebook thus, for example, told its users they could restrict the sharing of data to limited audiences only (e.g. to ‘Friends Only’), when in reality this data could still be used by third-party applications their friends used.
Facebook had also shared the personal data of users with advertisers, though it promised not to, and had stated that third-party applications that users installed would have access only to the information needed for their operation, when in reality the applications could access nearly all of the users’ personal data.
In 2009, when changing its website, Facebook also made public certain information that users had deemed ‘private’ without warning users of this change or obtaining their approval.
Moreover, the FTC found that when Facebook users would deactivate their accounts, their photos and videos could still be accessed, even though Facebook claimed this data would be made inaccessible.
The FTC also challenged Facebook’s claim that it had complied with the US-EU Safe Harbour Framework, a mechanism that allows US companies to transfer data from the EU to the US in line with European law, finding that the company had in fact breached this agreement.
‘Small number of high profile mistakes’
In response to the allegations, Facebook CEO Mark Zuckenberg admitted to making a “small number of high profile mistakes” and expressed Facebook’s commitment to remedy the faults found by the FCC.
Consequently the FCC and Facebook have signed an agreement that bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.
