Facebook and the Federal Trade Commission have a final settlement concerning charges that Facebook deceived members when it said they could keep their information private on the social platform while allowing it to go public.
The settlement requires Facebook to give consumers clear notice and get their consent before sharing private information beyond their privacy settings. Facebook also will be subject to biennial privacy audits by independent third parties.
The FTC’s case with Facebook stems from a 2011 investigation into the social platform’s privacy practices. The FTC case stemmed from Facebook behavior dating back to 2009, around the time the company’s CEO and founder Mark Zuckerberg proclaimed the “death of privacy.”
An initial settlement was reached between the FTC and Facebook Nov. 29, 2011. Today’s announcement formalizes that agreement. The government has won similar agreements with Google and Twitter.
The FTC lodged seven complaints against Facebook when it began its investigation. Many of Facebook’s privacy practices are well-chronicled, including when it changed to the way member information and privacy settings were displayed without getting prior approval from them. The FTC also claimed that Facebook shared personal data with advertisers all the while claiming that it did not. As well, it kept people’s photos and videos on the site after they had deleted their accounts.
“Overall, I think we have a good history of providing transparency and control over who can see your information,” Zuckerberg wrote. “That said, I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes […] and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”
For the past several years, the FTC has targeted online privacy. Earlier this week, the FTC fined Google $22.5 million for failing to honor privacy settings in Apple’s mobile Safari browser. It is the largest fine for privacy violations ever levied by the FTC.
Per the settlement, Facebook will accept third-party privacy audits for the next 20 years. Facebook will be subject to civil penalties of up to $16,000 for each violation of the order.