The Federal Trade Commission (FTC) announced on November 29, 2011 that Facebook has settled charges that it deceived consumers by making false privacy assurances, and then repeatedly allowing consumer information to be shared and made public. The settlement serves as a timely reminder that companies must abide by their own statements regarding how personal information is used and shared.
Under the terms of the settlement, Facebook is:
- Barred from making misrepresentations about the privacy or security of consumers' personal information;
- Required to obtain consumers' "affirmative express consent" before enacting changes that override their privacy preferences;
- Required to implement procedures to prevent third parties from accessing users' information no later than 30 days after a user has deleted such information or terminated his or her account;
- Required to implement and maintain a comprehensive privacy program; and
- Required to obtain, every two years for the next 20 years, third-party audits certifying that its privacy practices are compliant with the FTC's order.
The FTC lists eight specific allegations about Facebook's information practices in its complaint accompanying the settlement. Among these allegations were claims that Facebook: (1) changed its website so certain information users may have designated as private was made public (without warning users this change was coming, or obtaining users' approval in advance); (2) misrepresented the level of access to user data provided to third-party apps; (3) misrepresented that it had certified the security of participating third-party apps; (4) falsely claimed that it would not share users' personal information with advertisers; (5) falsely claimed that when users deactivated or deleted their Facebook accounts, their user content would be inaccessible; and (6) misrepresented that it complied with the US – EU Safe Harbor Framework governing data transfers between the European Union and the United States.
The settlement agreement will be subject to public comment until December 30, 2011, after which the FTC will decide whether to make the proposed settlement agreement final.
This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.
