The agreement — unlike the $22.5 million agreement with Google announced yesterday — doesn’t call for any monetary penalty. It does, however, require Facebook to undergo privacy audits from an independent third party every two years for 20 years. Additionally, the company says it will now give consumers “clear and prominent” notice of its privacy practices, obtaining “express consent” before sharing their information beyond the limits to which were originally agreed.
The lone and vocal commission dissenter on the agreement was Commissioner J. Thomas Rosch, who objected to the fact that Facebook wasn’t required to admit to deceptive privacy practices as part of the agreement. He also expressed concern that the agreement didn’t sufficiently address the entire “Facebook environment” — as the privacy practices of Facebook apps weren’t specifically mentioned.
The settlement stems from an investigation launched after Facebook changed its privacy settings in 2009, allowing certain information to be shared when users had previously declared a desire to keep it private. The agreement with the FTC notably didn’t require Facebook to revert to pre-2009 privacy settings, as consumer watchdog groups like theElectronic Privacy Information Center (EPIC) and the World Privacy Forum had recommended.