After the US government filed charges that Facebook violated US privacy law, Facebook finally confessed that it failed to protect the privacy of its 800 million active users. The Federal Trade Commission (FTC) welcomes the public to submit comments on the settlement through December 30, 2011.
Under the proposed consent order, which does not include any fines, Facebook is:
barred from making misrepresentations about the privacy or security of consumers' personal information;
required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
The Facebook user community surely welcomes these commitments to comply with privacy laws, and it’s good to see that FTC will monitor Facebook’s privacy compliance for the next 20 years. The 20 year privacy monitoring is similar to the FTC’s agreement for Google to protect privacy after Google’s social media disaster with Buzz.
However, time will tell if the FTC can really police social media privacy, so it would be wise for social media users to protect their own privacy.