Facebook Agrees To Submit To Independent Privacy Audits For The Next 20 Years
from the bait-and-switch dept
The Wall Street Journal is reporting that Facebook and the FTC are finalizing a settlement agreement regarding some of Facebook's numerous past privacy flubs. The WSJ reports:
According to people familiar with the talks, the settlement would require Facebook to obtain users' consent before making "material retroactive changes" to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used.
The thing is, that's already the rule. While there's no law that specifically says a company like Facebook can't retroactively change the way it uses user information, the FTC treats it as an unfair and deceptive trade practice - kind of like a bait-and-switch. You decide you're comfortable putting information like your gender and dating status on your Facebook page because Facebook promised it would only show that stuff to your friends. And then it goes and makes it all public: Bait and switch.
Since we don't have comprehensive privacy laws in the US, the only real way to hold companies like Facebook to their word when they say things like "your information is private" is to approach it from a consumer protection angle. Lying to your users about how their personal information is going to be used (or changing your mind later and not telling anyone) is unfair and deceptive, and is exactly the type of thing the FTC can address through fines.
So, making Facebook agree to get express consent before making material retroactive changes to its privacy policies is a bit like making it write "I will not chew gum in class" fifty times on the blackboard before it can go out to recess. The really interesting part of the settlement agreement is that, like Google did in the Buzz settlement, and Twitter did concerning its security, Facebook is agreeing to submit to independent privacy audits for the next twenty years.
My hope for the long term outcome of this settlement agreement is that Facebook will be more upfront and transparent about their privacy practices, and not pull the bait-and-switch move on privacy that they've become known for. Hopefully, this will in turn lead to fewer Facebook-privacy-policy-instigated Chicken-Little-style paranoia outbreaks.