What the FTC's Facebook Privacy Settlement Means for Marketers6 Dec, 2011 By: Linda A. Goldstein
The Federal Trade Commission (FTC) recently announced a major settlement with Facebook resolving allegations that Facebook failed to honor some of the promises contained in its privacy policies regarding data collection and sharing practices.
1. In December 2009, Facebook changed its website so that some information that users had previously designated as private was made public. The FTC objected to the fact that Facebook did not provide notice of this change or obtain consumer consent.
2. Facebook represented that third-party apps would only have access to user information that was necessary to operate the app. Instead, the apps were able to access nearly all of the user’s personal data.
3. Facebook told users they could restrict sharing of data to limited audiences by setting the privacy designation to “Friends Only,” but that did not prevent the information from being shared with third-party apps that their friends used.
5. According to the FTC, Facebook claimed that when users deactivated or deleted their accounts their photos and videos would be deleted. However, this did not happen.
The consent order prohibits Facebook from making any misrepresentations about how it will treat consumers’ personal information in the future and requires it to provide notice of any material changes to its policies and to obtain the consumer’s affirmative express consent before making any changes that would override the consumer’s privacy preferences, among other restrictions.
Finally, the order defines personal information to include not just name and address, but E-mail address, IP address, photos, videos, screen names, mobile or other telephone numbers, and physical locations – consistent with the FTC’s broad approach to the definition of personal information.
Marketers should also beware that some of the offenses cited by the FTC resulted from the collection of information through third-party apps rather than directly by Facebook. Marketers would be well advised to verify what information is being collected by any third-party apps or services being used in connection with their services, how they will be used, and to disclose this information in their privacy policies.
Linda Goldstein is chair of the Advertising, Marketing and Media division of Manatt, Phelps & Phillips LLP, based in the firm’s New York office. She can be reached at (212) 790-4544 or firstname.lastname@example.org.