So many of us are on social media, it’s become a regular part
of each day. It’s almost odd when you
hear that someone is not on social media at all. “You’re not on Facebook? Really. Huh.” But Facebook’s missteps in protecting,
using, and selling users’ personal data created deep concerns among many, most
importantly among regulators. As a result, today the Federal Trade Commission
announced a record-breaking settlement with Facebook, including a $5 billion
penalty and sweeping new restrictions for the social media giant.
So, what does this mean for the future and how will it affect Facebook’s
average user? On the surface, the average user may not notice much, but behind
the scenes there will be significant changes and new user protections.
Chief among them, Facebook will be required to restructure its
approach to privacy from the corporate board-level down with an independent
committee and a privacy assessor – neither of which is subject to oversight
from CEO Mark Zuckerberg. Additionally, Zuckerberg must certify Facebook’s
compliance with the FTC order, exposing him personally to civil and criminal
This settles Federal Trade Commission charges that the company
violated a 2012 FTC order by deceiving users about their ability to control the
privacy of their personal information.
The penalty for violating consumers’ privacy is 20 times greater than
any other privacy or data security penalty imposed in the world. To put it in context, the penalty imposed for
the Equifax data breach was $275 million.
These are not the only changes coming down the road
for Facebook and many of the products associated with it. Let’s talk about privacy requirements that
you will see in the near future.
The FTC press release lists the following new privacy
requirements:
- Facebook must exercise greater oversight over
third-party apps, including terminating app developers who fail to certify they
are in compliance with Facebook’s platform policies or fail to justify their
need for specific user data;
- Facebook is prohibited from using telephone
numbers obtained as a security feature (e.g., two-factor authentication) for
- Facebook must provide clear and conspicuous notice
of its use of facial recognition technology, and obtain affirmative express
user consent prior to any use that materially exceeds its prior disclosures to
- Facebook must establish, implement, and maintain a
comprehensive data security program;
- Facebook must encrypt user passwords and regularly
scan to detect whether any passwords are stored in plaintext; and
- Facebook is prohibited from asking for email
passwords to other services when consumers sign up for its services.
Reporting on data breaches will be required as well. If the data of 500 or more users has been
compromised, it must be reported within 30 days of the company’s discovery of
the incident. These changes will also affect
the structure of the company and how it deals with the privacy of its consumers’
personal information and data.
Better Business Bureau understands the importance of securing
the personal information and data of businesses and consumers. One of the
Standards of Trust of BBB is “Protect any data collected against mishandling
and fraud, collect personal information only as needed, and respect the
preferences of consumers regarding the use of their information.” Make sure
that you are diligent in your research and understanding of the best ways of
protecting your data and personal information.
For more information, please reach out to us at: www.bbb.org
You can find the full press release from the Federal Trade