Facebook has settled with the United States Federal Trade Commission over charges that it deceived users with its privacy settings. This comes amid concerns from the European Commission over the amount of data the social networking giant collects and how it uses it in targeted advertisements.
According to the FTC’s charges, Facebook misled users by informing them that information they shared would be kept private. The charges, which date back to 2009, alleged that Facebook changed its privacy settings and turned private information into public information.
“They didn’t warn users that this change was coming, or get their approval in advance,” the FTC said.
The settlement requires Facebook to make a number of changes to how it handles information, with the most vital change being that the site must now get user approval before making changes to data sharing policies.
Facebook must also not make misrepresentations about site privacy and site security. They must obtain user consent before making changes that override users’ existing preferences. They must prevent anyone from accessing material from a user account more than 30 days after deletion. And they must submit to third-party “privacy audits” within 180 days and every two years after that for the next 20 years.
“Facebook’s innovation does not have to come at the expense of consumer privacy,” FTC chairman Jon Leibowitz said in a statement.
In a post titled “Our Commitment to the Facebook Community,” Mark Zuckerberg described the original purpose behind the social networking site and noted “I’m the first to admit that we’ve made a bunch of mistakes.” He noted “Beacon four years ago” and the much ballyhooed privacy shift two years ago as examples.
“I’m committed to making Facebook the leader in transparency and control around privacy,” Zuckerberg wrote.
Facebook has created two new positions to help deal with these issues: a chief privacy officer of products and a chief privacy officer of policy.
The company won’t pay anything as part of the settlement with the FTC, but future violations of the privacy requirements could lead to civil fines.