Facebook Nears Settlement with FTC on Charges 'Misled Users About their Data', Agreed to 20 Years of Privacy Audits

Facebook is nearing a settlement with the US Federal Trade Commission (FTC) that will subject the company to 20 years of "privacy audits."Under the terms being discussed, the agreement would require Facebook to submit to independent privacy audits for 20 years, the people familiar with the matter said.According to people familiar with the talks, the […]

Facebook-FTCFacebook is nearing a settlement with the US Federal Trade Commission (FTC) that will subject the company to 20 years of "privacy audits."

Under the terms being discussed, the agreement would require Facebook to submit to independent privacy audits for 20 years, the people familiar with the matter said.

According to people familiar with the talks, the settlement would require Facebook to obtain users' consent before making "material retroactive changes" to its privacy policies. That means that Facebook must get consent to share data in a way that is different from how the user originally agreed the data could be used, reports Wall Street Journal.

The social network, with 800 million world-wide users, has faced repeated complaints from users that it changed policies to disclose more of their personal information without adequate notice from the company.

The settlement stems from changes Facebook made to its privacy settings in December 2009 to make aspects of users' profiles--such as name, picture, city, gender, and friends list--public by default. At the time, Facebook founder Mark Zuckerberg described the changes as a "simpler model for privacy control."

Users complained and several privacy advocates, led by the Electronic Privacy Information Center, filed a complaint with the FTC, alleging the changes were unfair and deceptive.

A person familiar with the matter said the Facebook settlement does not require users to expressly agree to all changes made on the site.

This person said the agreement prohibits Facebook from making information that's already on the site available to a wider audience than previously intended, without the user's express consent. In general, the settlement won't dictate how Facebook obtains user consent for new features.

One point of negotiation between Facebook and the FTC was over the length of time a third party would be required to audit the company's privacy settings, said one person. Facebook wanted just five years, and the FTC wanted a 20-year commitment.

Facebook ultimately agreed to 20 years, said the person.

In a recent interview with Charlie Rose, Mr. Zuckerberg said the company is working to make it easier for people to control their privacy on Facebook.

In addition to the privacy audits, according to the New York Times, Facebook would also be prevented from subsequently making public any information that was shared privately, without explicit consent from users.

"It's getting more and more important to be increasingly clear and give people those controls," he said of the site's privacy settings. "I don't think we're at the end. I think we're going to need to keep on making it easier and easier, but that's our mission."