Wednesday, November 30, 2011

FTC, Facebook Reach Privacy Settlement

Facebook has agreed to settle a Federal Trade Commission complaint by promising to obtain users' express consent before sharing their information with a wider audience than in the past.

The social networking service also promised to prevent anyone from accessing deleted accounts within 30 days of deletion. Plus, Facebook agreed to institute a comprehensive privacy policy and to submit to audits for 20 years.

The proposed settlement, announced Tuesday, would resolve an FTC complaint alleging that Facebook deceived users by repeatedly sharing information that users believed would be private when uploaded. The FTC's 19-page complaint, unveiled on Tuesday along with the proposed settlement, spells out a variety of ways that Facebook allegedly deceived users.

Among other things, in December of 2009 Facebook reclassified a host of data about users as “public” -- including people's names, photos and friend lists. “They didn't warn users that this change was coming, or get their approval in advance,” the FTC said in a statement. That Facebook shift also prompted the Electronic Privacy Information Center and other groups -- including the American Library Association, Center for Digital Democracy and Consumer Federation of America -- to file a complaint against the company.

The FTC also said that Facebook broke promises to users by allowing app developers to access profile information they didn't need. “A platform application with a narrow purpose, such as a quiz regarding a television show, in many instances could access a user’s relationship status, as well as the URL for every photo and video that the user had uploaded to Facebook’s Web site, despite the lack of relevance of this information to the application,” the FTC said in its complaint.

The authorities also alleged that Facebook shared some users' names with advertisers via referrer headers. (Facebook recently prevailed in a lawsuit stemming from that same issue. A judge in that case ruled that the users weren't harmed by any disclosures and, therefore, couldn't pursue their claim in court.)

Facebook CEO Mark Zuckerberg said in a blog post that the company had made “a bunch of mistakes.” He added: “I think that a small number of high-profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we've done.”

Zuckerberg also noted that Facebook had already fixed some of the issues noted by the FTC.

In the last two years, Facebook revised its privacy controls to give users more say over who can access their data. But the social networking service hadn't promised prior to Tuesday to seek users' opt-in consent to future privacy-related changes.

Sen. John Kerry (D-Mass.), who introduced an online privacy bill earlier this year, praised the deal.

“This settlement will help ensure that companies keep their promises to consumers and give those consumers a real voice in how their information is used, distributed, and managed,” Kerry stated. “These priorities are consistent with what Senator McCain and I had in mind when we introduced our Internet Privacy Bill of Rights.”

The terms of the Facebook settlement, which were first rumored earlier this month, are in line with the FTC's settlement with Google over its launch of Buzz. That deal requires Google to create a comprehensive privacy program and submit to independent privacy audits for the next 20 years. Google also promised that it will obtain people's express consent before sharing their information more broadly than its privacy policy allowed at the time of collection.

Buzz created social networks out of people's Gmail contacts. At launch, the service revealed information about the names of users' email contacts, if users activated Buzz without changing the defaults. That design meant that a host of confidential information could inadvertently become known, including the names of Gmail users' doctors, lawyers or coworkers.

The FTC will accept comment on the proposed Facebook settlement until Dec. 30.

by Wendy Davis

Wednesday, November 9, 2011

FTC Accuses Video Ad Network Of Using Flash Cookies For Tracking

In a first, the Federal Trade Commission has charged an ad network with engaging in a deceptive business practice by allegedly using Flash cookies to track Web users.

The regulators' complaint, unveiled on Tuesday, alleges that video ad network ScanScout violated its privacy policy by using Flash cookies from 2007 to 2009 in order to track users' online activity to serve them targeted ads.

Flash cookies were originally designed to remember users' preferences for online video players and other applications, but some companies use such cookies to store the same type of information that is normally found on HTTP cookies. Flash cookies are stored in a different place in people's browsers than HTTP cookies and, until recently, couldn't be deleted or blocked through browser controls.

ScanScout, which was acquired last year by Tremor Media, allegedly said in its privacy policy that users could opt out of receiving cookies by changing their browser settings. That statement was deceptive, the FTC says in the complaint.

“ScanScout represented, expressly or by implication, that consumers could prevent ScanScout from collecting data about their online activities by changing their browser settings to prevent the receipt of cookies,” the FTC alleges. “Consumers could not prevent ScanScout from collecting data about their online activities by changing their browser settings to prevent the receipt of cookies. Therefore, the representation ... was false or misleading.”

The case comes almost two years after consumer protection head David Vladeck expressed concern that companies were thwarting users' privacy settings with Flash cookies. Since then, several other companies have been accused of tracking people with Flash cookies and three companies -- Quantcast, Clearspring and Say Media's VideoEgg -- agreed to pay a total of $3.4 million to settle civil lawsuits.

The FTC hasn't publicly accused any companies other than ScanScout of using Flash cookies deceptively.

The same day that the FTC announced the complaint, it also announced that Tremor had agreed to settle the charges by promising to notify Web users about tracking and allow them to opt out. The company specifically said it will allow users to opt out of the collection of most data containing unique identifiers, including IP addresses. The proposed settlement allows Tremor to continue collecting data from opted-out users for some purposes, including frequency capping, fraud prevention and age verification.

Tremor said two months ago that it planned to roll out the you-are-being-targeted icons developed by the umbrella group Digital Advertising Alliance on video ads. The company isn't admitting wrongdoing as part of the proposed settlement.

Tremor also is facing a lawsuit in federal court in Boston by consumers over ScanScout's alleged use of Flash cookies. Defendants in that case include AOL and Brightcove. All recently filed court papers asking for the matter to be dismissed. ScanScout said in its court papers in that matter that it “never used Flash or any other technology to respawn deleted cookies.”

by Wendy Davis