In a release today, the U.S. FTC announced that “Facebook has agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established.”
Among other things, Facebook specifically is:
- “required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;”
- “required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;” and
- “required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.”
The proposed consent agreement and order is subject to public comment through December 30, 2011. After then, the FTC after will decide whether to make the proposed consent order final.