Facebook told by FTC that it can't do these privacy invasive things anymore
Facebook was fined $5 Billion USD today, July 24, 2019, by the FTC. More important from the perspective of Facebook users is that the company agreed to "new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users' privacy".
The list of restrictions and requirements is quite long; you can read the entire document here in PDF format if you are interested.
Here are the highlights:
- Sharing of non-public user information must be "clearly and conspicuously" disclosed and not hidden in privacy policies or similar legal documents. Facebook needs affirmative express consent from users.
- Facebook needs to make sure that information cannot be accessed by third-parties "from servers under Respondent's control after a reasonable period of time, not to exceed thirty (30) days, from the time that the User has deleted such information or deleted or terminated his or her account". Facebook furthermore needs to make sure that information deleted by users of the service is deleted from company servers in a reasonable period of time that does not exceed 120 days.
- Phone numbers that Facebook users added to their account for use in security protections, e.g. 2-factor authentication, may not be used by Facebook for advertising purposes or shared with third parties.
- Facebook may not request or require, as part of user log-ins, sign-ups, or authentication, passwords to "independent, third-party consumer applications, websites, or services".
- Facebook needs to run regular automated scans to make sure that user passwords are not stored in plaintext; if any are found, it must protect the data cryptographically, delete it, or make it unreadable in other ways.
- Facebook is ordered to delete any existing Facial Recognition Templates within 90 days and may not create any new Facial Recognition Templates unless Facebook clearly discloses how it will use or share the data.
- Facebook needs to implement and maintain a comprehensive information security program designed to protect the security of user information.
- Facebook needs to implement and maintain a comprehensive privacy program that "protects the privacy, confidentiality, and Integrity" of user information collected, used, or shared by the company.
- Facebook must "obtain initial and biennial assessments" from "one or more qualified, objective, independent third-party professionals" selected by the company itself and subject to "reasonable approval of the Independent Privacy Committee".
Now You: What is your take on the fine and new privacy restrictions?