Privacy continues to be Facebook’s nemesis. The company’s envelope-pushing approach to privacy has repeatedly been the subject of complaints and litigation over the years. And now it’s caught between a court-mandated settlement and the US Federal Trade Commission (FTC).
Facebook recently settled a “Sponsored Stories” class action lawsuit for $20 million. That suit argued that Facebook had misappropriated users’ likenesses and other content without their consent. On August 29 Facebook updated its privacy policies to reflect the terms of that settlement.
The major change is reflected in the following paragraphs:
You give us permission to use your name, and profile picture, content, and information in connection with commercial, sponsored, or related that content (such as a brand you like) served or enhanced by us, subject to the limits you place. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it.
If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to the terms of this section (and the use of your name, profile picture, content, and information) on your behalf.
What those paragraphs essentially mean is that Facebook can use its members’ likenesses and content broadly in ads but will not show those ads outside the scope of individuals’ privacy settings. More controversially however Facebook is assuming parental consent on behalf of minors.
Under the terms of the settlement with the FTC Facebook is:
- barred from making misrepresentations about the privacy or security of consumers’ personal information;
- required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.