SAN FRANCISCO (The Blaze/AP) -- To settle charges from government regulators that Facebook had often misled, sometimes illegally, its more than 800 million users about the sanctity of their personal information, the social media network is submitting to 20 years of audits. While this may seem extensive, some say it's just a start as to what the company should be doing to protect users' privacy.
The unflattering portrait of Facebook's privacy practices emerged in a Federal Trade Commission complaint alleging that Facebook exposed details about users' lives without getting legally required consent. In some cases, the FTC charged, Facebook allowed potentially sensitive details to be passed along to advertisers and software developers prowling for customers.
To avoid further legal wrangling, Facebook agreed to submit to government audits of its privacy practices every other year for the next two decades. The company committed to getting explicit approval from its users -- a process known as "opting in" -- before changing their privacy controls.
SlashGear reports the American Civil Liberties Union as saying while this is a good first step but there is more that can be done:
“Today’s settlement requires Facebook to obtain a user’s express consent before sharing any information that would not have been shared under the user’s prior privacy settings” tech and civil liberties expect at the organization, Chris Conley, highlights. “That’s definitely a step in the right direction.”
However, Conley also calls for improvements to settings options and how privacy is explained to social network users. “We also need more tools from Facebook like its Profile Review and inline privacy controls that help users understand and control how their personal information is being shared” he insists.
Facebook's stepped-up commitment to privacy also wasn't enough to satisfy Jeff Chester, executive director for the Center for Digital Democracy, one of the privacy watchdog groups that prodded the FTC investigation. In a statement, Chester called on Zuckerberg and Facebook's board of directors to resign so that the company could hire more trustworthy replacements.
"They misled consumers and should pay a price beyond a 20-year agreement to conduct their business practices in a more above-board fashion," Chester said.
This local Fox affiliate spoke with a social media expert who says he thinks the settlement is "good enough for now" but users also have to take some responsibility for what they decide to post online:
[youtube http://www.youtube.com/v/4SkLxEa8n8M?version=3&hl=en_US expand=1]
The FTC's truce with Facebook, along with previous settlements with Google and Twitter, is helping to establish more ground rules for online privacy expectations even as Internet companies regularly vacuum up insights about their audiences in an effort to sell more advertising.
Although Facebook didn't acknowledge any wrongdoing in the legal papers it signed with the FTC, Facebook co-founder and CEO Mark Zuckerberg was more contrite in a blog post.
I'm the first to admit that we've made a bunch of mistakes. In particular, I think that a small number of high-profile mistakes ... have often overshadowed much of the good work we've done.
But FTC's 19-page complaint casts a glaring spotlight on how Facebook has approached its users' rights to privacy at a time that it is facing tougher competition from Internet search leader Google Inc., which has attracted more than 40 million users to a social service called Plus just five months after its debut.
Google tried to lure people away from Facebook with a system that made it easier to guard their personal information. Facebook has responded by introducing more granular privacy settings.
The FTC cracked down on Google eight months ago for alleged privacy abuses that occurred last year when the company attempted to plant a social network called Buzz within its widely used Gmail service. Like Facebook, Google agreed to improve its privacy practices and submit to external audits for the next 20 years.
Twitter, the online short-messaging service, also struck a settlement with the FTC in June 2010 to resolve charges that it didn't do enough to protect users' accounts from computer hackers.
Much of the FTC's complaint against Facebook centers on a series of changes that the company made to its privacy controls in late 2009. The revisions automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield the content. Among other things, people's profile pictures, lists of online friends and political views were suddenly available for the world to see, the FTC alleged.
The complaint also charges that Facebook shared its users' personal information with third-party advertisers from September 2008 through May 2010 despite several public assurances from company officials that it wasn't passing the data along for marketing purposes.
Facebook believes that happened only in limited instances, generally when users clicked on ads that appeared on their personal profile pages. Most of Facebook's users click on ads when they are on their "Wall".
The FTC also alleged that Facebook displayed personal photos even after users deleted them from their accounts.
Facebook's agreement with the FTC requires the company to obey privacy laws or face fines of $16,000 per day for each violation.
"Facebook's innovation does not have to come at the expense of consumer privacy," FTC Chairman Jon Leibowitz. "The FTC action will ensure it will not."
The FTC's commissioners unanimously approved the agreement with Facebook. The FTC is accepting public comments through Dec. 30 before deciding whether to finalize the settlement.
Facebook sought to downplay the gravity of the FTC's allegations, maintaining that it had already addressed most of the privacy complaints. Zuckerberg said the website has added more than 20 new privacy features in the past 18 months.
To underscore its commitment, Facebook has created two new executive positions -- Michael Richter as chief privacy officer of products and Erin Egan as chief privacy officer of policy.
"This means we're making a clear and formal long-term commitment to do the things we've always tried to do and planned to keep doing - giving you tools to control who can see your information and then making sure only those people you intend can see it," Zuckerberg wrote in his blog post.