Facebook Settles FTC Privacy Complaint

Palo Alto-based startup agrees to regular audits.

By Sajid Farooq

| Tuesday, Nov 29, 2011 | Updated 10:39 AM PDT

View Comments (

)

Under a new FTC settlement, Facebook has to do a better job of keeping user information private.

Photos and Videos

LOOK

PHOTOS
Hot
Holiday Tech Gifts

LOOK

PHOTOS
Silicon Valley
High-Tech Company Tour

More Photos and Videos

The No. 1 complaint against Facebook has been its protection of user information.

Google has created an entire social media site around it and now the Federal Trade Commission is confirming those concerns.

The Palo Alto-based startup settled a privacy complaint with the FTC over complaints that Facebook deceived its users by making consumer information more public.

"Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users," said Jon Leibowitz, Chairman of the FTC, in a statement. "Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."

Under the settlement, Facebook has agreed to get consumer approval before changing the way it shares data.

Rep. Anna G. Eshoo (D-Palo Alto), a ranking member of the Energy and Commerce Subcommittee on Communications and Technology and who represents the district where Facebook is based, welcomed the settlement.

"The importance of personal privacy is woven into the fabric of our country, and use of personal data by any company must be transparent and secure," she said. "I’ve always believed that companies, whether large or small, should provide tools that give consumers confidence that their information will not be shared more broadly than they intended. Today’s agreement upholds this belief."

The company will also have to undergo periodical audits by independent third party auditors over the next 20 years.

The FTC will also continue to monitor complaints against Facebook.

The settlement comes with five specific guidelines for Facebook to follow:

barred from making misrepresentations about the privacy or security of consumers' personal information;
required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
required to prevent anyone from accessing a user's material no more than 30 days after the user has deleted his or her account;
required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.