15 Aug 2012

FTC Sets Conditions for Facebook’s Sharing of User Info, Requires Consumer Consent

The U.S. Trading Commission has accepted a final settlement with Facebook concerning the eight-count complaint filed in November last year concerning alleged privacy infringements and misrepresentation of the platform’s third-party security verification processes.

The document sets strict conditions under which third parties can obtain user information from the platform. Facebook is ordered “to clearly and prominently” tell users what kind of information it will share with third parties and what kind of third parties it will share with. Facebook is also to tell users that “such sharing exceeds the restrictions imposed by the privacy setting(s) in effect for the user; and B. obtain the user’s affirmative express consent.”

Facebook app security is also among the eight counts. The platform was supposed to have checked apps aspiring to the “verified” status and it appears that it falsely claimed to have done so, while charging app developers for it. “Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't”, reads the proposed settlement released by the FTC in November 2011.

According to the final Agreement, Facebook “shall not misrepresent in any manner, expressly or by implication, the extent to which it maintains the privacy or security of covered information, including, but not limited to […] the steps Respondent takes or has taken to verify the privacy or security protections that any third party provides.”

Facebook launched its App Center on May 9, announcing that the listing of apps depends on compliance with guidelines and on “user ratings and engagement”. Facebook Platform Policies, on the other hand, place responsibility for content on third parties’ shoulders exclusively. “You must make it clear that this content is not provided by Facebook. You must also comply with the Facebook Community Standards.”

The FTC said it will “closely monitor” Facebook and warned about “penalties of up to $16,000 for each violation of the order,” as indicated in a statement quoted by Mashable. The Commission urges the company to “live up to its promises and submit to privacy audits”.