Facebook’s Privacy Settlement Is a Warning for Hyperlocals

Share this:

Facebook’s big privacy settlement today with the Federal Trade Commission sends a strong warning to hyperlocal news publishers, location-based services, and other sites that they must be completely transparent on how they use personal information of their users.

Facebook agreed to settle the Federal Trade Commission’s charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. In an eight-count complaint filed by the commission, the FTC alleged that Facebook:

  • Changed its website so certain information that users may have designated as private — such as their Friends List — was made public. The FTC alleged “they didn’t warn users that this change was coming, or get their approval in advance.”
  • Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. To the contrary, thethe apps could access nearly all of users’ personal data.
  • Facebook shared personal information of its users with its advertisers, although it promised users that it would not share such information.

The FTC alleged that Facebook engaged in deceptive trade practices governed by Federal law. Facebook agreed to settle the FTC’s claim, and must honor the settlement for 20 years. Facebook agreed to (among other things):

  • To obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
  • To prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account; and
  • To obtain independent, third-party audits certifying that it has a privacy program in place.

The settlement sheds light to the FTC’s thinking on privacy matters, and how it will may apply to hyperlocal news publishers and location-based services. The lessons from this settlement as regards hyperlocal include:

  • Hyperlocal sites and location-based services should have a privacy policy that transparently discloses what information from the user is collected, how it is collected, how it is used, how it will be shared, what security is offered for this data, and what options users have with the use of their data.
  • Hyperlocal sites and location-based services should not make promises about the use of a user’s data that are not true. For example, publishers should not promise that they won’t share personal information with their user with third parties and then share the information without the user’s consent. In the Facebook situation, Facebook’s privacy policy promises that it would not share data that identified its end users personally with advertisers, which the FTC claimed wasn’t true. That drew the attention of the FTC.
  • Publishers need a user’s consent before making material changes to the way information is collected and used. For example, if a hyperlocal site or service wants to use registration information of its users to create a community directory that can be viewed on the site, publishers must notify users, get their consent and give them choices on whether or not to participate in such a directory before the user’s information is made public.

This column is for general information purposes only. Information posted is not intended to provide legal advice.

Brian Dengler is an eMedia attorney and journalist who covers legal issues in eMedia. He is a former Vice President of AOL, a former newspaperman and EMMY-winning TV journalist. He teaches eMedia management as an adjunct at Kent State University.