Earlier today, Federal Trade Commission ("FTC") and Facebook announced a settlement of the government's charges that the company had deceived users regarding their ability to keep their information private. We have reposted below a blog post outlining the major elements of the settlement agreement. The post was authored by our colleague Colin Zick, co-founder of Foley Hoag's Security & Privacy practice group, and originally posted on the firm's Security, Privacy, and the Law blog.
One of the most interesting aspects of the settlement from a corporate social responsibility perspective is that Facebook has agreed to submit to independent audits to ensure that its privacy controls and policies are consistent with the FTC settlement. These audits are to occur every two years -- over the course of the next 20 years. A similar requirement was imposed in the FTC's settlement of its case against Google, which involved charges stemming from the company's launch of the Buzz social network.
In incorporating independent audit requirements, these recent FTC consent orders are consistent with the best practices established over the last decade in a variety of industries. For example, the Fair Labor Association requires its apparel industry member companies to submit to independent external monitoring, while in the information and communication technology industry, member companies of the Global Network Initiative (including Google) have agreed to regular independent assessments of their policies and procedures intended to protect user privacy and freedom of expression online.
Looking ahead, it will be interesting to see whether today's announcement may lead to other social media companies developing stronger internal and external mechanisms to ensure that their privacy policies are appropriate and effective.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
