Facebook May Settle In Privacy Case

Facebook is reportedly on the verge of agreeing to a settlement with the federal government over claims it misled users regarding its privacy policies. The settlement wouldn't involve a formal admission of guilt, but would have lengthy consequences for the social networking company.

The case, brought by the Federal Trade Commission (FTC), is based on allegations that Facebook does not always obtain a user's permission before changing the way it handles that user's personal data.

Instead, Facebook simply applies the changes it wants on an opt-out basis, in effect asserting that it can apply new rules to its handling of personal data unless and until a user objects.

Default Free-For-All Raises Ire

The specific issue at stake is a December 2009 rule change in which Facebook revamped its privacy controls to allow users to choose whether basic information (such as name, gender and friend names), should be available to anyone online, only to Facebook friends, or to people in between such as "friends of friends" and people from the same school or city. (Source: nytimes.com)

Facebook claimed its new rules were intended to give users more control over their personal data. But while making the change, Facebook automatically set all users to the "publicly available" option.

This forced Facebook users to actively change their settings to a more private one, if they so desired -- assuming, of course, they were even aware Facebook had suddenly made their personal data publicly available.

The rule change led to formal complaints to the FTC from various privacy groups, such as the Electronic Privacy Information Center ("EPIC"). According to the Wall Street Journal, the two sides have agreed to a settlement in principle, with the deal simply awaiting formal approval by the FTC. (Source: wsj.com)

Facebook Faces Independent Audits For 20 Years

The settlement reportedly covers two main issues:

First, Facebook would agree to have its privacy policies independently audited for the next 20 years. Considering the site launched only seven years ago, that's a significant length of time.

To put it into context, a Microsoft case involving alleged anti-competitive behavior led to US government oversight for only 13 years.

Second, Facebook would also agree to obtain prior approval from users before changing some, but not all, privacy settings in the future.