Facebook is reportedly ready to settle a privacy complaint with the FTC, agreeing to get consent from users before making private data public and to performing privacy audits for the next 20 years.
At issue is Facebook's decision in December 2009 to make sweeping and retroactive changes to user profiles, including requiring all users to have their profile images, cities of residence, and expressed interests made public.
Facebook's "simplified" privacy settings also changed users' default settings to make status updates fully public. Other settings that had been private or limited to only "Friends" became visible to "Friends of Friends" and to third-party developers. Even though users could manually change many of these defaults, most (reportedly about 80%) did not.
In May 2010, Facebook further required that "likes," employment information and schools attended be linked to public pages, prompting privacy groups to file unfair trade complaints against Facebook with the FTC. Those complaints, and increasing concern from Congress and federal agencies over online privacy issues, eventually led Facebook to this settlement.
According to the Wall Street Journal, under the agreement reportedly submitted to the FTC for final approval, Facebook would no longer be allowed to make any of user information any more public than previously agreed without the user's direct consent.
The legal phrase invoked is "material retroactive changes" to user privacy settings. This means that Facebook doesn't need current users' consent to make small changes that don't make their information any more public. Facebook is also free to change the default privacy settings for new users or new features that require new data.
Facebook has also reportedly agreed to an independent audit of their privacy policies for the next 20 years. This is basically identical to the terms of the agreement Google struck with the federal government in March over the Buzz debacle, after they too made once-private user information public without permission.
In the past year, the trend on social networks has largely tended towards granular control of all shared content. For instance, on both Facebook and Google+, users are asked to select which users or group of users they would like to share with for each and every status update — the same basic social media entry that had once defaulted automatically to public for all updates less than two years ago.
Privacy on social media, though, has two parts. The first is what information is made visible to other users or to the public web. The second is how all personal information, however theoretically "private," is used by social media companies to deliver advertising, recommendations or other services.
Changes to user settings are literally the tip of the iceberg. Social media companies like Facebook, Google or Twitter have a strong incentive to keep both users and the federal government happy — and far away from the nuts and bolts of their business.
Additional writing and reporting by Ryan Singel.
