EFF is disappointed by the terms of the settlement agreement announced today between the Federal Trade Commission (FTC) and Facebook. It is grossly inadequate to the task of protecting the privacy of technology users from Facebook’s surveillance-based system of social networking and targeted advertising.
This settlement arises from the FTC’s 2012 settlement order against Facebook, concerning the company’s deceptive statements about user privacy. Facebook violated the 2012 FTC order through its role in the Cambridge Analytica scandal, which violated the privacy rights of millions of Facebook users.
Today’s FTC-Facebook settlement does not sufficiently protect user privacy. For example:
- The agreement does not limit how Facebook collects, uses, and shares the personal information of its users. It is not enough for the agreement to require Facebook to conduct its own privacy review of new products; that just empowers Facebook to decide its own collection, use, and sharing practices.
- The agreement does not provide public transparency regarding how Facebook collects, uses, and shares personal information, or how Facebook implements the FTC settlement. It is not enough for only Facebook and the government to have this information.
- This agreement does nothing to address Facebook’s market power in social networks and internet advertising, and may risk cementing Facebook’s market power.
These deficiencies are not cured by the $5 billion fine against Facebook. For a company the size of Facebook, this is not an effective deterrent against future violations of user privacy.
If the FTC were serious about putting a dent in the privacy problems created by Facebook’s targeted advertising business model, it could have taken aim at two of Facebook’s biggest sources of information: data brokers and third-party tracking.
Some provisions of the settlement agreement are positive. For example, it requires Facebook to delete existing face recognition templates, and bars Facebook from creating new ones, absent the user’s informed opt-in consent. Also, the settlement bars Facebook from using phone numbers provided by users to enhance their security (i.e., for two-factor authentication) for advertising purposes. Unfortunately, the settlement does not address Facebook’s other egregious abuses of user phone numbers, including exposing two-factor authentication numbers to public reverse lookup, and vacuuming up “shadow” contact information that users never gave to Facebook in the first place.
Taken as a whole, this settlement is bad news for consumer privacy. But this is bigger than Facebook. Its surveillance-driven targeted ad business model is common across the web. To protect user’s privacy rights, we need solid consumer data privacy legislation.
Adam Schwartz is a Senior Staff Attorney with the EFF’s civil liberties team.
Previously, he served as a Senior Staff Attorney at the ACLU of Illinois, where he worked for 19 years. His cases at the ACLU challenged the criminalization of civilian audio recording of on-duty police, abusive border detentions of Muslim and Arab citizens caused by the federal Terrorism Screening Database, AT&T’s collaboration with the NSA’s dragnet surveillance program, and public access to information about Illinois’ Statewide Terrorism and Intelligence Center. He also advocated for policy reform regarding drones and location tracking, and wrote reports about surveillance cameras and fusion centers. His other ACLU cases addressed youth prisons, police detentions of pedestrians and motorists, free speech, religious liberty, and drug testing of public housing residents.
Adam clerked for Judge Betty B. Fletcher of the U.S. Court of Appeals for the Ninth Circuit. He has a J.D. from Howard University and a B.A. in Economics from Cornell University.
This article was sourced from EFF.org
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.