Simply Security - News, Views, and Opinions from Trend Micro

Posted on December 27th, 2011 in Privacy & Policy by Simply Security | 1 Comment | Tags: Privacy

Facebook and the FTC have agreed on a data privacy settlement.

Just two weeks after news broke that Facebook, the most popular social network on the planet with upwards of 800 million users, was tracking both users and non-users even after they navigated away from the company’s website, the U.S. Federal Trade Commission announced the two sides have reached an agreement.

Initially reported by USA Today, it was revealed that Facebook tracked the web activity of all users who navigated to the company’s website. It didn’t matter if the person had an account or not, once he or she left Facebook they were continued to be watched by cookies installed by the website.

Officials with the social media giant said the tracking was part of enhancing the overall user experience. By knowing which websites an Internet user visited, Facebook said it could better target the advertising that appears on its webpages.

Still, data security experts and the FTC were concerned about the fact that Facebook was keeping an eye on Internet users without their knowledge. What’s more, there was no way to opt-out of the program.

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” FTC chairman Jon Leibowitz said in a terse announcement regarding the agency’s agreement with the social network. “Facebook’s innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.”

In all, the settlement addresses eight counts of data privacy violations carried out by the company dating back to 2009, according to the FTC. Such incidents addressed by the government body included Facebook’s promise not to share users’ personal information, even though it turned around and handed the information over to advertisers. Another had to do with the accessibility of users’ photos and videos once an account had been closed. Facebook had promised to permanently delete such content, which did not occur, the FTC’s release said.

Moving forward, Facebook has agreed to several provisions aimed at enhancing its data privacy practices under the watchful eye of the federal government.

In addition to now being required to inform users when its policies for sharing data change, Facebook has also submitted to audits during the next 20 years that will ensure it is holding up its end of the settlement. Though no monetary fines were levied by the FTC in this instance, in the future if the company will be punished by as much as $16,000 per day in the event of future violations.

Facebook founder Mark Zuckerberg responded to both the outcry over the data sharing practices and the settlement with the government in a post to Facebook’s blog. He said that data security has always been a top priority for the company, though it has made mistakes in its history.

“I’m the first to admit that we’ve made a bunch of mistakes,” Zuckerberg wrote. “In particular, I think that a small number of high-profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done.”

Beacon was a controversial part of Facebook’s advertising system that was launched in 2007 and shared users’ browsing activity on their profile News Feeds. It was shut down in 2009.

Despite the FTC settle, Facebook and Zuckerberg’s fight with government entities may not be over, as the Telegraph of London recently reported the European Commission may also have some privacy questions.

Data Security News from SimplySecurity.com by Trend Micro