Facebook and the Federal Trade Commission are reportedly near a settlement over the company’s privacy policies.
But Facebook is not the first social network to capture regulators’ attention, and it is unlikely to be the last, experts say.
As companies use controversial methods to identify users and share their information, they are drawing increased scrutiny from the FTC and consumer advocates who say their privacy practices are not just deceptive, but also unfair.
The settlement talks between Facebook and the FTC, which were first reported by theWall Street Journal, stem from complaints two years ago over privacy changes made by the social networking site. Instead of just disclosing users’ names and networks, Facebook also began disclosing their profile photos, gender, and where they are from. Several privacy groups, led by the Electronic Privacy Information Center, filed a complaint with the Federal Trade Commission alleging the changes violated federal law.
Since then, the FTC has accused other social networking sites of violating users’ privacy. Last year, Twitter settled with the FTC over charges that it put customers’ privacy at risk by failing to safeguard their personal information.
In March, Google settled with the FTC over claims it forced Gmail users to opt-in to the short-lived social network Google Buzz. As part of the settlement, Google agreed to undergo yearly privacy audits for the next 20 years.
But last month, federal regulators settled a lesser-known case that may have paved the way for settlement talks with Facebook, privacy advocates say. The FTC settlement with Frostwire, a peer-to-peer file sharing application, involved charges that Frostwire’s default settings caused consumers to unwittingly share data on their mobile devices.
While the FTC claimed that Google and Twitter used privacy practices that were “deceptive,” regulators said Frostwire’s default privacy settings were also “unfair” — that users could not have been expected to know that their privacy was being violated. That separate argument set a precedent, giving regulators another legal avenue for going after Facebook and other social networking sites whose default settings have been controversial, privacy advocates say.
Some observers said a possible settlement between FTC and Facebook could actually benefit the social networking site by assuring users that a third-party will protect their personal data from exposure. Like the settlement with Google Buzz, Facebook would reportedly undergo annual privacy audits for the next two decades.
“It provides consumers and users of Facebook with a sense of security that the FTC is watching over these guys and they could be audited at any time so maybe my data’s a little safer,” Forrester analyst Fatemah Khatibloo said.
But Facebook may face further scrutiny for its use of facial recognition technology, which suggests friends’ names to tag in pictures. The software has drawn complaints from privacy advocates who say it can be used for police surveillance or by marketers who want to track Internet users without their consent.
In June, EPIC filed a complaint with the FTC regarding Facebook’s use of facial recognition software, claiming Facebook “will routinely automate facial identification and eliminate any pretense of user control over the use of their own images for online identification.” Regulators in Germany have said they plan to sue Facebook over its facial recognition software.
Apple has also used the technology to automatically tag users in photos. And while Google recently pulled facial recognition from its “Google Goggles” app amid privacy concerns, it uses the technology to allow users to unlock the Galaxy Nexus, a new Samsung phone that runs on Google’s Android operating system.
Next month, the FTC plans to hold a workshop on the privacy and security implications of facial recognition technology. In October, U.S. Sen. John Rockefeller, (.), chairman of the commerce committee, wrote a letter to the FTC, asking for a report from the workshop with suggestions on legislation.
“As in many fast growing and changing sectors, public policy has not kept pace with the development of this sort of technology,” Rockefeller wrote. “The privacy concerns are evident.”
Social networking sites are not the only ones whose privacy policies may find themselves in the FTC’s crosshairs. Some experts say companies that offer cloud storage, like Amazon and Apple, may also get a closer look from regulators over privacy concerns.
Last month, EPIC filed a complaint with the FTC after Verizon changed its business practices to reveal detailed personal information of its customers, including location data, web browsing and search histories, to other companies. Verizon said the information it discloses can’t be linked to individual customers, but EPIC said Verizon failed to establish techniques to protect customers’ identities.
Despite greater scrutiny from regulators, some predict businesses that collect user data will continue to put company profits before consumer privacy.
“It’s potentially impossible to run a media company and care deeply about privacy,” said Michael Fertik, CEO of, an online reputation management firm. “It doesn’t mean you don’t care — but you can’t care first because the only thing you have to sell is access to information.”