The Federal Trade Commission today released a much-anticipated settlement with Facebook over a series of privacy breaches. The deal has some bite, requiring the social networking giant to comply with a tough series of orders for the next two decades. Meanwhile, the FTC also gave its fans a chance to express support for the deal on (what else?) Facebook.
The proposed settlement agreement grows out of a complaint earlier this year in which the FTC called attention to eight instances in which Facebook had failed to respect users’ privacy. These included Facebook’s 2009 decision to change personal information settings from private to public as well as repeated failures to disclose how much information it was providing to third party app developers.
In its complaint, the FTC relied on a federal law that lets it investigate and punish “unfair or deceptive” trade practices. Today’s settlement, news of which was leaked weeks ago, means that Facebook can avoid going to court and even admitting liability as long as the company complies with a series of privacy measures.
The measures require Facebook to give users “a clear and prominent notice” and obtain their consent before sharing their information with a third party. The agreement also requires the company to take down information about former users, and to save and collect privacy complaints. Perhaps the most serious measure is the requirement that the company establish a comprehensive privacy monitoring system that will be verified by independent third party auditors every year for the next two decades.
The settlement appears to be based on a similar 20-year agreement the FTC reached with Google (NSDQ: GOOG) earlier this year. The FTC Commissioners approved the new settlement in a 4-0 vote but it will still have to be formally ratified after a 30-day public comment period has passed. The agency has released a summary of the deal (embedded below) to help the public understand it.
Facebook’s CEO, Mark Zuckerberg, today released a candid blog post acknowledging the settlement and explaining the company’s evolving awareness of privacy. He also admitted the company has made errors:
That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.
The settlement coincides with new rumors that Facebook is planning a massive IPO next spring that would value the company at $100 billion. The privacy issue is a critical one for Facebook because much of its revenue is derived from using personal data to selling advertisements. Regulators, especially in Europe, are keenly interested in how the company is managing this data and further privacy breaches could lead them to order Facebook to modify or destroy it.
As for the FTC, the agency has grabbed center stage at a time when Congress and consumers are becoming increasingly focused on privacy. In the absence of federal privacy legislation, the FTC has become a leader in the field by relying on its powers to punish unfair business practices.
The agency reported today’s settlement on its website but also on its Facebook wall where users can ‘Like’ the announcement. As of Tuesday afternoon, only three people had ‘Liked’ the announcement. None of them were from Facebook.