Facebook’s big privacy settlement today with the Federal Trade Commission sends a strong warning to hyperlocal news publishers, location-based services, and other sites that they must be completely transparent on how they use personal information of their users.
Facebook agreed to settle the Federal Trade Commission’s charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. In an eight-count complaint filed by the commission, the FTC alleged that Facebook:
- Changed its website so certain information that users may have designated as private — such as their Friends List — was made public. The FTC alleged “they didn’t warn users that this change was coming, or get their approval in advance.”
- Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. To the contrary, thethe apps could access nearly all of users’ personal data.
- Facebook shared personal information of its users with its advertisers, although it promised users that it would not share such information.
The FTC alleged that Facebook engaged in deceptive trade practices governed by Federal law. Facebook agreed to settle the FTC’s claim, and must honor the settlement for 20 years. Facebook agreed to (among other things):
- To obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
- To prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account; and
- To obtain independent, third-party audits certifying that it has a privacy program in place.
The settlement sheds light to the FTC’s thinking on privacy matters, and how it will may apply to hyperlocal news publishers and location-based services. The lessons from this settlement as regards hyperlocal include:
- Publishers need a user’s consent before making material changes to the way information is collected and used. For example, if a hyperlocal site or service wants to use registration information of its users to create a community directory that can be viewed on the site, publishers must notify users, get their consent and give them choices on whether or not to participate in such a directory before the user’s information is made public.
This column is for general information purposes only. Information posted is not intended to provide legal advice.
Brian Dengler is an eMedia attorney and journalist who covers legal issues in eMedia. He is a former Vice President of AOL, a former newspaperman and EMMY-winning TV journalist. He teaches eMedia management as an adjunct at Kent State University.