According to published accounts of the content of the proposed settlement agreement, Facebook would agree to obtain advance, express consent from users before sharing any material that was posted prior to the new guidelines.
For example, under terms of the agreement, if a user were to upload or update his online status or personal information, intending it to be viewable only by a select group of “friends,” then Facebook would be prohibited from subsequently making that photo or that updated information accessible to anyone outside the group of people originally authorized by the user.
The Wall Street Journal reported that a source told the newspaper that changes made to privacy settings unilaterally by the popular site resulted in more personal information being shared than users were accustomed to or had consented to in the Terms of Service (TOS). The identity of the source was undisclosed pending final approval of the settlement.
If ultimately signed off on by Facebook and the Federal Trade Commission, the agreement mandates that Facebook request and receive consent to share personal data in advance of taking such action, particularly if the user was unaware of how the information might be displayed.
The settlement does not address the implementation of new features or how consent for sharing of any new data subsequent to installation of those features should be obtained.
Despite the punitive nature of the terms of the settlement reached in the case, no mention was made in published reports of any monetary compensation that will be paid by Facebook as a result of the government’s investigation of its practices.
There are, however, allegedly provisions in the settlement for an annual, independent audit of Facebook’s conformity with the new privacy-protecting rules imposed by the FTC. Such yearly reviews will continue for 20 years, according to the anonymous source close to the negotiations.
Neither Facebook officials nor Federal Trade Commission representatives commented on either the content or existence of the rumored settlement agreement.
The probe into the privacy controls set up by Facebook began after a complaint against the company was filed in late 2009 by the Electronic Privacy Information Center (EPIC), an online privacy advocacy organization. EPIC was joined by nine other consumer advocacy concerns who signed on as co-plaintiffs.
The suit alleged that subscribers to Facebook suffered harm when the site altered previously accepted privacy settings without notifying users of the effects of the changes. These changes left users without “meaningful control over personal information.”
As for the specific privacy policies fiddled with by Facebook, the 2009 complaint points to changes
that encouraged users to reveal their names, profile photos, lists of friends, pages they are fans of, gender, geographic regions and networks to which they belong. The FTC should compel Facebook to allow users to choose whether to disclose personal information and to choose whether to fully opt out of revealing information to third-party developers….
The lawsuit and the subsequent inquiry by the government agency tasked with the promotion of consumer protection and the elimination and prevention of behavior believed by regulators to be damaging to competition and to fairness in business practices are not Facebook’s first run-ins with those patrolling online privacy.
Facebook is regularly reprimanded for its porous privacy protections, as well as for inexplicably and without warning changing settings to various elements of user accounts.
Reportedly, management has attempted to address these issues by placing privacy controls in a more conspicuous location on the the profile page maintained by subscribers.
Although based in the United States and a domestic phenomenon, Facebook is immensely popular overseas and its practices have come under scrutiny abroad, as well.
According to a story published recently by the online version of the San Francisco Chronicle:
Facebook Inc. may be fined by a German data-protection agency over a feature that uses facial-recognition software to suggest people to tag in photos on its social-networking site.
Facebook introduced the feature in Europe "without informing users or getting the required consent" it is obliged to under European Union and German laws, the Hamburg data- protection authority said in a statement on its website Thursday. A solution proposed by Facebook is "insufficient" and would only apply to new users, not the more than 20 million existing German users, the privacy regulator said.
"After the months of negotiations we have had with Facebook, the result is disappointing," Johannes Caspar, the Hamburg data-protection representative, said in the statement. "There's still a breach of European and national data-protection law, which now has to be stopped."
The regulator's action adds to probes of the Palo Alto company by the Irish data-protection agency and Norway's privacy watchdog. A group of EU regulators said in June they will look for possible privacy violations in Facebook's facial-recognition feature.
Commenting on the worldwide appeal of the social media giant and the confusing foreign regulatory maze it must walk, Tim Keanini of nCircle told one technology news source, "It's important to remember that the FTC is a national agency, but Facebook is a global business. When it comes to privacy laws, the U.S. is nowhere near as strict as other countries.”
Although undoubtedly the largest, Facebook is not the only one of the online social media outlets to be forced to run the federal regulatory gauntlet. Google and Twitter have already acquiesced to the FTC’s rules earlier this year. An eWeek.com article chronicling the government’s quest to plug up privacy holes plaguing the Internet reported:
Google agreed to a similar settlement to pay $8.5 million into an independent fund and develop a "comprehensive privacy program" that it will submit to independent review every other year.
Twitter has also agreed to outside audits for 10 years after the FTC charged the site with "serious lapses" in its data security after hackers broke into several high-profile accounts.
Regardless of the federal government’s apparent concern over the unapproved sharing of the digital details of the lives of citizens, there are some who wonder who is the wolf and who is the lamb.
"If you voluntarily use social networking tools, your IP address, and so your entire Internet history, must be revealed to the authorities. It is not just about what social networks do with your data, it is also about what the government thinks they have a right to look at," Pim Bilderbeek, principal analyst at GigaOM Pro and founder of Bilderbeek Consulting, told TechNewsWorld.
Once the agreement is finalized and the details of it become public, users and other interested observers will be able to monitor Facebook’s diligence in toeing the bureaucratic line.
Tim Keanini reminded readers that the bottom line is the bottom line:
The real test of the FTC agreement will be in Facebook's implementation. No social media can implement strict user privacy controls without serious damage to their business model. Every social media platform is in the business of selling information about users to third parties.
Photo: AP Images