While I am not sure the FTC went quite far enough (mandatory audits but no fines seems a bit toothless), it is at least a clear message that the FTC is getting increasingly serious about enforcing privacy regulations.
The short lesson to businesses online: “Do what you say you are going to do, when it comes to privacy policies!”
Facebook and the FTC today finalized their earlier announced settlement over charges that Facebook had “deceived” its customers by “telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.” Unlike this week’s earlier $22.5 million FTC settlement with Google, Facebook does not face any financial penalties because the FTC does not have the authority to levy fines when it enters an initial agreement like this one (it can only impose fines when companies violate the agreement). Instead, the company will have to promise that it will give its users “clear and prominent notice” and get their consent before sharing their information beyond their privacy settings. In addition, Facebook will have to submit itself to biennial privacy audits for the next 20 years and maintain a “comprehensive privacy program.”
The FTC launched its investigation into Facebook’s privacy practices in 2011 and…
View original post 263 more words