Facebook Inc. is close to a settlement with the U.S. government over charges that it misled users about its use of their personal information, the latest sign of widening public concern over privacy in the digital age.
According to people familiar with the talks, the settlement would require Facebook to obtain users' consent before making "material retroactive changes" to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used.
Facebook founder and CEO Mark Zuckerberg speaks to reporters at Harvard University on Monday, November 7, 2011
The pact—which awaits only final approval from the Federal Trade Commission—has the potential to reverberate widely. Myriad online services and companies are developing sophisticated tools for observing people's behavior online and profiting from the personal information they provide. In recent months, the FTC has been signaling that privacy is on the top of its enforcement agenda.
The social network, with 800 million world-wide users, has faced repeated complaints from users that it changed policies to disclose more of their personal information without adequate notice from the company.
The settlement stems from changes Facebook made to its privacy settings in December 2009 to make aspects of users' profiles—such as name, picture, city, gender, and friends list—public by default. At the time, Facebook founder Mark Zuckerberg described the changes as a "simpler model for privacy control."
Users complained and several privacy advocates, led by the Electronic Privacy Information Center, filed a complaint with the FTC, alleging the changes were unfair and deceptive.
Under the terms being discussed, the agreement would require Facebook to submit to independent privacy audits for 20 years, the people familiar with the matter said.
CBS' Leslie Stahl interviewed Facebook founder and CEO Mark Zuckerberg in December 2010 for the TV show "60 Minutes" and confronted Zuck with the issue of Facebook's online privacy. Leslie Stahl commeted on Facebook's new profile page and Like button. Leslie Stahl tells Zuck, "There is a sense, that you, after all this time, aren't always above board, and that there is some hidden motive, to kinda invade our privacy, take the information, and use it to make money." Zuck denied the later and said, "We never sell your information, advertisers using the site never get access to the information."
Facebook's move to resolve privacy concerns comes as speculation grows over a possible initial public offering next year, which could value the company at up to $100 billion.
Facebook executives have not said anything publicly about the timing of an IPO. But the company is fast approaching an April 2012 deadline by which securities laws would require it to file public financial results. In recent months, Facebook has revamped its policy team that handles privacy and other government issues.
In June 2010, Mark Zuckerberg was interviewed by Karen Swisher, the editor of All Things Digital in front of a live audience. During that interview, Karen grilled Zuck to admit that Facebook is misleading about its privacy policies. Zuck became quite uncomfortable, neversous, and was so shaken by her questions that he barely mumbled his words and began sweating profusely. He sweated so much, that he finally agreed to remove his famous black "hoodie".
A person familiar with the matter said the Facebook settlement does not require users to expressly agree to all changes made on the site.
This person said the agreement prohibits Facebook from making information that's already on the site available to a wider audience than previously intended, without the user's express consent. In general, the settlement won't dictate how Facebook obtains user consent for new features.
The Facebook settlement is part of a broader government push to hold companies more accountable for the personal data they collect, store and trade. The FTC last year called for the development of a "do not track" system that would make it easier for Internet users to protect their browsing activity from outside snooping. The Obama Administration has called for a "privacy bill of rights" that would regulate the commercial collection of user data online. And lawmakers have introduced more than a dozen privacy bills in Congress this year.
Other social networks that have been investigated by the FTC and sanctioned include:
- Google - In March, Google agreed to develop a "comprehensive privacy program" and submit it to outside review every other year for 20 years, when it settled FTC charges of falsely representing how it would use personal information. The FTC accused Google of telling Gmail users that the information would only be used for email, but then also using it for a social networking service called Buzz.
- Twitter Inc. - Also agreed to outside audits, after the FTC charged the microblogging service with "serious lapses" in its data-security practices after hackers broke into accounts, including one belonging to President Barack Obama. Twitter agreed to conduct security audits every other year for 10 years.
People familiar with the matter said FTC commissioners are likely to vote on the proposed Facebook settlement in the next few weeks. They could approve it, or send it back to FTC staffers and Facebook for changes, which would be unusual. An FTC spokeswoman declined to comment.
Lisa Sotto, partner and head of the Global Privacy and Information Management Practice at law firm Hunton & Williams said of privacy issues.
"The FTC has made clear that it is stepping up enforcement. Companies would be wise to pay attention to this trend and implement privacy programs that include comprehensive assessments of their privacy practices."
Facebook has changed its privacy settings several times:
Facebook has changed its privacy settings several times, including reversing some of the changes it made in late 2009. In response to the initial uproar, Facebook made other changes as well.
- May 2010 - Facebook simplified its privacy settings for users.
- October 2010 - It offered a tool to let users share information with just a group of others.
- August 2011 - Facebook began displaying privacy controls more prominently on a user's profile page. It also now lets users control who can see each post.
It's not clear how many of Facebook's privacy changes are included in the FTC's complaint against the company.
One example of Facebook's new approach is its new Timeline feature, which gathers in timeline format historical posts, photos and videos from a user's life. Mr. Zuckerberg said last month that users will have seven days after the feature is introduced to manually edit, or delete, their entries, before the timeline is shared with their Facebook friends.
One point of negotiation between Facebook and the FTC was over the length of time a third party would be required to audit the company's privacy settings, said one person. Facebook wanted just five years, and the FTC wanted a 20-year commitment.
Facebook ultimately agreed to 20 years, said the person.
In a recent interview with Charlie Rose, Mr. Zuckerberg said the company is working to make it easier for people to control their privacy on Facebook. (See my blog post dated November 9, 2011)
He said of the site's privacy settings.
"It's getting more and more important to be increasingly clear and give people those controls. I don't think we're at the end. I think we're going to need to keep on making it easier and easier, but that's our mission."
COMMENTARY: I am very, very pleased to hear that Facebook has finally been sanctioned by the FTC and required to undergo annual privacy audits to insure that it is complying with FTC privacy regulations.
There doesn't appear to be a shortage of privacy violations involving the social networks and other applications developers.
In a blog post dated December 28, 2010, I reported that The Wall Street Journal had conducted an investigation and discovered that 101 Apple iPhone apps was supplying private information about its users to advertisers. Both Apple and the app developers were named in a class action lawsuit.
In a blog post dated March 31, 2011, I reported that Google and Twitter both agreed to similar 20-year sanctions after numerous privacy violations.
On March 29, 2011, social-networking site LinkedIn was sued for violating users' privacy by allegedly leaking information about them to advertisers. In a complaint filed with the U.S. District Court for the Northern District of California, San Francisco resident Kevin Low alleges that LinkedIn enabled ad networks and other third parties to discover his name and connect it to tracking cookies. No word on whether that lawsuit ever went class action, dismissed or was settled amicably.
In a blog post dated Aprill 25, 2011, I reported that after intensifying concerns over privacy and the widening trade in personal data, a Wall Street Journal investigation discovered that Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively. Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people's locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services—expected to rise to $8.3 billion in 2014, according to research firm Gartner Inc.
In a blog post dated June 8, 2011, I reported that Facebook Inc. was being probed by European Union data-protection regulators over a feature that uses face-recognition software to suggest people’s names to tag in pictures without their permission. A group of privacy watchdogs drawn from the EU’s 27 nations are studying the measure for possible rule violations, and are also looking into the photo-tagging function on the world’s most popular social-networking service.
On December 1, 2010, the Federal Trade Commission (“FTC”) released “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers” (“the Report”), a preliminary staff report proposing a new conceptual framework for privacy protection. The new FTC framework proposal is NOT a low, but is intended to inform policymakers, including Congress, as they develop solutions,policies, and potential laws governing privacy, and guide and motivate industry as it developsmore robust and effective best practices and self-regulatory guidelines.
With the recent passage of the Net Neutrality bill by Congress, perhaps the new Congress voted into office in November 2010, will finally address Internet privacy concerns more thoroughly and legislate into law new rules and regulations to govern internet privacy in keeping with the latest online technologies.
Courtesy of an article dated November 11, 2011 appearing in The Wall Street Journal
Comments
You can follow this conversation by subscribing to the comment feed for this post.