The FTC released a 19-page complaint against Facebook addressing how the company has been approaching its users’ rights and privacy. The complaint focused on the changes to privacy control that Facebook made in 2009, which resulted in the automatic sharing of personal information and pictures of Facebook users, even if those users had previously set their profiles to private settings.
Likewise, Facebook was charged with purposely sharing user information. Fox News reports, "The unflattering portrait of Facebook’s privacy practices emerged Tuesday in a Federal Trade Commission complaint alleging that Facebook exposed details about users’ lives without getting legally required consent. In some cases, the FTC charged, Facebook allowed potentially sensitive details to be passed along to advertisers and software developers prowling for customers."
Because this is not the first time Facebook has been scrutinized for issues of privacy, the company has now agreed to government audits of their privacy practices every other year for the next 20 years. Additionally, any privacy violation on Facebook will result in a fine of $16,000 each day for each violation. While the FTC commissioners have all approved of the agreement struck with Facebook, the FTC is open to public comments through December 30 before ultimately finalizing the agreement.
"Facebook's innovation does not have to come at the expense of consumer privacy," FTC Chairman Jon Leibowitz declared, adding, "The FTC action will ensure it will not."
There are those who believe that Facebook should have been given even harsher penalties, including Jeff Chester of the Center for Digital Democracy, the privacy watchdog group which encouraged the FTC’s investigation of Facebook. "They misled consumers and should pay a price beyond a 20-year agreement to conduct their business practices in a more above-board fashion," Chester maintained.
Facebook has attempted to show a commitment to user protection by creating two new staff positions in order to increase privacy assurances: chief privacy officer of products and chief privacy officer of policy.
"This means we're making a clear and formal long-term commitment to do the things we've always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it," Facebook co-founder and CEO Mark Zuckerberg wrote in his blog post.
Last year, the FTC settled a privacy case with Twitter after it conducted an investigation of the company’s failure to protect the personal information of its customers. According to the FTC, Twitter allowed hackers in 2009 to view Tweets that were designated as private, and to gain access to the accounts of President Obama, Fox News, and a number of others.
Twitter settled the case by agreeing to set up an independently audited security program. It is also barred for the next 20 years from misleading consumers regarding the extent to which it “maintains and protects the security, privacy, confidentiality or integrity of any nonpublic consumer information.”
David Vladeck, director of the FTC's Bureau of Consumer Protection, commented in a statement,
When a company promises consumers that their personal information is secure, it must live up to that promise. Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.
Twitter contends that it had already prepared to take extra precautions to ensure the privacy of its consumers without the intervention of the FTC. "Even before the agreement, we'd implemented many of the FTC's suggestions and the agreement formalizes our commitment to those security practices," Twitter general counsel Alexander Macgillivray wrote.
Earlier this year, Google’s social network, Google Buzz, came under investigation by the FTC for similar issues, allegedly deceiving customers regarding their privacy promises. The FTC came to an agreement with Google similar to the ones struck with Facebook and Twitter. Google is barred from future privacy misrepresentations, is forced to implement a comprehensive privacy program, and is required to submit to independent privacy audits for the next 20 years. In fact, the agreement with Google marked the first time that an FTC settlement order mandated that a company implement a privacy program to protect customer information.
"When companies make privacy pledges, they need to honor them," FTC chairman Jon Leibowitz said in a statement. "This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations."
Facebook has not admitted to any wrongdoing, indicating that it agreed to the settlement to avoid any further legal troubles, but a blog post by Mark Zuckerberg stated, “I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high-profile mistakes ... have often overshadowed much of the good work we’ve done.”
According to Fox News, Facebook has been making money “by mining the personal information that it collects to help customize ads and aim the messages at people most likely to buy the products and services being promoted.” The process has been effective, as Facebook's expected revenue this year will be well over $4 billion, up from $777 million in 2009.