Wow, this list is brutal:<p><i>-In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.<p>- Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.<p>- Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.<p>- Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.<p>- Facebook promised users that it would not share their personal information with advertisers. It did.<p>- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.<p>- Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.</i>
So the penalty for ongoing repeated lies and fraud is....<p>nothing. Zero. The FTC has investigated, and the settlement is zero money and zero penalties. Not one dollar. Whew! I'm glad they were punished! They won't do THAT again!<p>The U.S. is really in late-stage empire breakdown. I don't think there is any significant enforcement of any laws whatsoever against companies and people that are reasonably well connected. The only thing keeping the society from total breakdown is inertia.
There is a lot of nonsense legal interpretation in this thread. Did anyone actually read the settlement?<p>You commit fraud if you make any intentional deception in order to benefit yourself, or to harm others. If you intentionally make public commitments that turn out to be false, and you thereby cause some harm to another person, you have committed a fraud.<p>The FTC is empowered to enforce criminal and civil penalties for fraud on behalf of consumers. From the FTC website: "When the FTC was created in 1914, its purpose was to prevent unfair methods of competition in commerce as part of the battle to bust the trusts. Over the years, Congress passed additional laws giving the agency greater authority to police anticompetitive practices. In 1938, Congress passed a broad prohibition against unfair and deceptive acts or practices.”<p>From the FTC's Facebook settlement statement, it's perfectly clear that the FTC believes that Facebook is guilty of committing widespread and repeated deceptions in violation of the law.<p>The settlement itself is tantamount to saying that Facebook has had its last warning, and is on very thin ice with the FTC.<p>Feel free to complain about whether such a "penalty" is effective. We won't really know until the next time Facebook breaks the law.
Many have posted to this thread with complaints that boil down to "this is a slap on the wrist because they are well connected". If you were the FTC, what would you do to Facebook in this case, how would it be supported in law and what long term change for the better would your action create?<p>Privacy is a civil good but it is a fine line to walk indeed to punish an innovator during a recession. Where's the happy medium?
I never understood why bodies like the FTC rely on 'independent, third-party audits' for enforcement, since they end up making the entire action pointless.<p>The independent third-party auditor will give Facebook a stamp of approval, both in the next 180 days and every two years thereafter, because the independent third-party auditor wants the repeat business.<p>Same thing goes for any regulation that depends on a third party, really. I mean, over the last six years how often is a 409a valuation not to the board's liking? Somehow, magically, the auditors collect their fees from the company and then independently deliver an acceptable answer.<p>Might as well not have the regulations - or just fine the company something meaningful - instead of engaging in this goofy kabuki theatre.
Specifically, under the proposed settlement, Facebook is:<p>"barred from making misrepresentations about the privacy or security of consumers' personal information;"<p>Is this implying companies are allowed to lie? Seems redundant.
This just means that Facebook privacy changes will have the imprimatur of the FTC from now on, which FB paid for with the airing of a little bit of dirty laundry.<p>The fix is in.
Okay so question on this one.<p>- required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;<p>Does this include people that have already deleted their account? Does this also include Government agencies and such from seeing the >30 day deleted data? I'd like to know that after permanently deleting my account all my stuff is gone, but I don't really see anywhere that says that's true. Meaning the site is still destroying my privacy even after I've decided to have nothing to do with the account.
It is our mistake we made them now they sell us as product
<a href="http://news.ycombinator.com/item?id=3293936" rel="nofollow">http://news.ycombinator.com/item?id=3293936</a><p>When I created an account with HN using Google account via ClickPass, one of the screen steps before I grant access to ClickPass, Google advised me to not grant it and if I do it I can cancel it any time which it will prevent ClickPass to access to my account information and my password.<p>This warning statement is not new; it’s there everywhere when you grant any application to use your Facebook, Twitter, Google ... etc accounts.<p>In the mean time Google Search is nothing without us, because "we are the product", they sell (us to third parties or Governments) or use our "private information" or what they told us it’s private without approval from us.<p>Facebook is doing same thing and that’s why their entire business model under fire in the EU. <a href="http://venturebeat.com/2011/11/28/facebook-advertising-eu/" rel="nofollow">http://venturebeat.com/2011/11/28/facebook-advertising-eu/</a> Do you remember what happened in 2008 with Google’s Evil EULA (<a href="http://www.theregister.co.uk/2008/09/03/google_chrome_eula_sucks/" rel="nofollow">http://www.theregister.co.uk/2008/09/03/google_chrome_eula_s...</a>)?<p>Now, are we "the product" still having any privacy? Are we safe? How far we can trust those businesses?<p>Should we keep using their services; and later complain about how evil their Terms and conditions or EULA are???
I wonder how this settlement compares to EU Data Protection Law. Is it possible FB could abide by FTC rules and still be outside EU rules? Will FB use this "We're OK by the FTC now!" as a claim to be not so bad in the EU?
> Obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.<p>This is assuming Facebook will be around in 20 years.
I am strangely reminded of that episode in 30 rock where tracy realizes he can just pay a fine to make obscene comments and do obscene things on TV ...
so is Google for google buzz, the capability of the ftc to monitor and/or do more than a slap on the wrist is no existent<p>the monitoring is facebook telling the ftc - we are all cool over here bro and the ftc taking them at their word
You know... people could just take responsibility for sharing their private information. If they don't think a website "privacy policy" is enough of an assurance, it is their fault for accepting that risk.<p>FB should not be blamed for sharing information that others freely share with FB. It's ridiculous. It's even more ridiculous to think that government regulation is somehow needed to protect privacy. How absurd.<p>"I keep using this service and they don't do what I want! But I keep sharing my information with them."<p>Come on. At a certain point, individuals need to accept that THEY maintain a relationship with FB as well.