Earlier this week, the Federal Trade Commission (FTC) announced a with Facebook, addressing its assertion that Facebook deceived users by failing to uphold its privacy promises. As we said elsewhere, the proposed settlement has one major step forward: it prohibits the company from 鈥渂egging forgiveness instead of asking permission鈥 by changing its privacy settings to make data more public or share it with more people. But it doesn鈥檛 cure with Facebook privacy.
Here鈥檚 a quick rundown of the plusses, a minus and outstanding questions of the proposed settlement. (You can read the whole thing .)
Plusses:
- Asking Permission, Not Begging Forgiveness. No more ; no more . Facebook must now obtain a user鈥檚 express consent before taking any information previously covered by a privacy setting and making it more public than it was before, and it promises not to 鈥渕isrepresent in any matter, expressly or by implication,鈥 its privacy protections for names, photos, location history, and other information.
- What鈥檚 Gone Is Really Gone. Once you delete a photo from Facebook, Facebook will ensure that no one else can access it within 30 days. (It still can鈥檛 help if your friend copied the photo and reposted it on Facebook or elsewhere, however.)
- Comprehensive Privacy Program. Facebook is required under the proposed settlement to establish a 鈥渃omprehensive privacy program鈥 that will protect the privacy of identifiers, photos, and location information in both new and existing products. Facebook has already announced that it will be appointing in response to the proposed settlement.
A Minus:
- The App Gap Remains. Although Facebook has promised to be clear about how information will be shared with third parties going forward, the proposed settlement does not fix such as the and .
Questions:
- Still Out of Control? The proposed settlement makes it very clear that Facebook must ask permission before increasing its sharing of information that currently has a privacy setting, but it does not explicitly put the same requirement on information that currently has no privacy setting at all (including information like your name and profile picture that ). This is particularly important as the company continues to collect information about its users activities outside of Facebook itself, such as its log of .
- Privacy by Default? The settlement agreement also doesn't explicitly address how Facebook will deal with new kinds of information from future products, since that information is also not covered by an existing privacy setting.
- The FTC's Future Role? The FTC is empowered to ensure that Facebook complies with the settlement, and Facebook has made a broad promise not to "misrepresent" its privacy protections in the future. But it鈥檚 not entirely clear whether the FTC would use this authority to challenge new Facebook products or services that aren't dealing with information currently covered by a privacy setting.
Learn more about dotRights: Sign up for breaking news alerts, , and .