Facebook agreed to settle with the Federal Trade Commission (FTC) on Nov. 29 over charges that it violated the Federal Trade Commission Act by making public to advertisers consumers’ private information.
Among the eight counts leveled against Facebook, the FTC alleged that advertisers were able to access Facebook users’ personal information, despite Facebook’s promise that it would not share this information with advertisers.
“When a Facebook user clicked on an advertisement, Facebook was sharing…a specific identifier that identified that user and advertisers combined that with the user’s browsing history,” said Maneesha Mithal, associate director of the FTC’s privacy and identity protection division, during a conference call with reporters.
The FTC levied two complaints regarding third-party applications’
ability to access consumer information, in spite of privacy settings that
claimed to restrict such sharing. The commission also alleged that a December 2009 Facebook policy change allowed
consumer-designated private information to become publicly available
without warning consumers or soliciting consent. Facebook also permitted
access to deactivated or deleted accounts’ content despite claiming
that such content would be inaccessible, according to the FTC.
Facebook agreed to obtain consumers’ “affirmative, express consent” before sharing users’ information in ways that conflict with their privacy settings and will stop providing access to information from deleted accounts, per the settlement terms. The company has also agreed to establish a comprehensive privacy program, as Google agreed to when the company settled with the FTC in March.
“As in the FTC’s order concerning Google Buzz, Facebook must implement a
comprehensive privacy program, and an independent auditor will monitor
that program for 20 years,” FTC Chairman Jon Leibowitz said during the
Facebook directed request for comment to a company blog post written by CEO Mark Zuckerberg. In the post, Zuckerberg said that Facebook has already addressed two of the advertising-related violations alleged by the FTC.
“For example, their complaint to us mentioned our Verified Apps Program, which we canceled almost two years ago in December 2009. The same complaint also mentions cases where advertisers inadvertently received the ID numbers of some users in referrer URLs. We fixed that problem over a year ago in May 2010,” Zuckerberg wrote.
Zuckerberg also said that Facebook appointed two chief privacy officers on Nov. 29. Erin Egan will serve as chief privacy officer of policy, and Facebook chief privacy counsel Michael Richter was appointed as chief privacy officer of products. Egan was formerly partner and co-chair, global privacy and data security practice at law firm Covington and Burling.