Facebook told by FTC that it can't do these privacy invasive things anymore
Facebook was fined $5 Billion USD today, July 24, 2019, by the FTC. More important from the perspective of Facebook users is that the company agreed to "new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its usersâ€™ privacy".
The list of restrictions and requirements is quite long; you can read the entire document here in PDF format if you are interested.
Here are the highlights:
- Sharing of non-public user information must be "clearly and conspicuously" disclosed and not hidden in privacy policies or similar legal documents. Facebook needs affirmative press consent from users.
- Facebook needs to make sure that information cannot be accessed by third-parties "from servers under Respondentâ€™s control after a reasonable period of time, not to exceed thirty (30) days, from the time that the User has deleted such information or deleted or terminated his or her account". Facebook furthermore needs to make sure that deleted information by users of the service is deleted from company servers in a reasonable period of time that does not exceed 120 days.
- Phone numbers that Facebook users added to their account for use in security protections, e.g. 2-factor authentication, may not be used by Facebook for advertising or sharing with third-party purposes.
- Facebook may not request or require as part of user log-ins, sign-ups, or authentication passwords to "independent, third-party consumer applications, websites, or services.
- Facebook needs to make regular automated scans to make sure that user passwords are not stored in plaintext, and if that is the case, protect the data cryptographically, delete it, or make it unreadable in other ways.
- Facebook is ordered to delete any existing Facial Recognition Templates within 90 days and may not create any new Facial Recognition Templates unless Facebook clearly discloses how it will use or share the data.
- Facebook needs to implement and maintain a comprehensive information security program designed to protect the security of user information.
- Facebook needs to implement and maintain a comprehensive privacy program that "protects the privacy, confidentiality, and Integrity" of user information collected, used, or shared by the company.
- Facebook must "obtain initial and biennial assessments" from "one or more qualified, objective, independent third-party professionals selected by the company itself and subject to "reasonable approval of the Independent Privacy Committee".
Now You: What is your take on the fine and new privacy restrictions?
“What is your take on the fine and new privacy restrictions?”
In the first place, what makes anyone think that Facebook will actually adhere to the terms? They don’t exactly have a great track record on that count.
In the second place, I don’t see anything in the terms that addresses my big problem with Facebook: that they collect information about me and my use of my machines even though I don’t use Facebook or even have a Facebook account. I haven’t read the whole thing yet, though, so I may have missed it.
So, color me skeptical that this will make any real difference at all. Even the fine was too small to really affect them.
Long overdue I say. It’s a great step in the right direction.
No where near a big enough fine, they’ll find that down the back of their sofa. It needed to be at least 10 times that.
Considering how many times they’ve been fined for pulling the same old crap I don’t expect much to change this time either.
My take on the fine and new privacy restrictions is that the fine is finer than the restrictions which for some include margins of approximation allowing interpretation which of course Facebook will jump on. A good lawyer can sell sand to the Arabs.
“Sharing of non-public user information must be “clearly and conspicuously” disclosed and not hidden in privacy policies or similar legal documents”. What is Facebook’s definition of clarity and visibility?
“Facebook needs to (make sure) […]”. What needs to be done is making sure Facebook is making and making sure. The company must be checked regularly by a competent and independent organization as to its commitment to all restrictions.
I personally dream of the day Facebook simply vanishes, kicked out of the economy.
This will change exactly nothing. Also american organization tells to american company what not to do… yeah, it will change absolutely nothing. Not that I care, I don’t use facebook…
You of all people should know that they’ll track you at every chance they get, even if you don’t use their services.
I think it is unfair to dismiss this in its entirety. It’s a start. The bigger privacy issues, though, can’t be addressed by focusing on any one particular company, even one as big as Facebook. I want to be able to opt out from corporate (and government also, actually, but fat chance of that) maintenance of my data without my explicit permission. That will require legal actions that encompass all companies, not just some very large ones that are involved in antitrust issues. Europe is still probably the best hope for anything tangible in the way of privacy protections.
I would be less skeptical if this were the first time down this road. But Facebook has been subjected to restrictions before, only to ignore them after the heat dies down, so I don’t see why this time would be any different.
“Europe is still probably the best hope for anything tangible in the way of privacy protections.”
I agree. It seems very unlikely that we’ll see any strong protections like that at the federal level in the US, although some individual states are making an effort.
That will require legal actions that encompass all companies, not just some very large ones that are involved in antitrust issues. Europe is still probably the best hope for anything tangible in the way of privacy protections.
The American Congress is filled, with few exceptions, with old fogies that haven’t a clue how the internet works, let alone how Zuckerberg and his crew operate. The 2018 Congressional hearings were a cakewalk for Zuckerberg. Don’t expect ANY rational, enforceable legislation from the American government. They’re still arguing over whether the Russian’s hacked their election. DUH!
Why is the federal government involved in crap like this?? Facebook & Tweeter & Instygram are none of the damn gummints’ business. If idiots post personal info, it’s their problem.
Because what Facebook actually did was at odds with what they told their users they would do. The FTC’s authority about this sort of thing really boils down to enforcing that a company is actually doing what they promised to do. Facebook didn’t. That’s a form of fraud, and it seems to me that protecting people against fraud is a proper role for government.
Exactly what John Fenderson said, plus the fact that it’s a problem that affects everyone and not only those “idiots” as you said, that post their personal information. You should be aware that even if you’ve never used their services before they are still tracking you.
Ever wondered how a company that charges nothing for their services can be so huge? In 15 years only? Doesn’t it make you even a little skeptical about what this company really is?
This is too little, too late but it least it will hit the evening news cycle and maybe wake up a few people. The next step is to have Facebook purge any and all data they hold on people who have never willingly had anything to do with Zuckerberg’s spybot. You know, all that personal information they sucked out of Aunt Minnie’s address book or those tagged photos your naive friends and relatives posted.
I told people 10 years ago that fb and ms were fads that would disappear. I was wrong, fb morphed, instagram got popular and zuck promptly bought them out. fb is an advertising super giant. As long as they come up with products people use they will figure ways to find out everything they can about you and sell that data to anyone with money. People are shocked at each new revelation of how much data they collect but they wouldn’t be if they read the TOS.
The fine is a step in the right direction. The policy is just so much BS.
It reminds me of the institution where I used to work. They had a copyright policy and a sexual harassment policy, but that was for public ( and police) consumption. They outright ignored both policies in practice.
In the plain english: if FB accepts all these issues in practice it exactly means much smaller income.
So two and only two implications.
First-if the do it, it has to have a huge influence on the development of the service becouse of the obvious reason-money. Also shareholders won’t be so happy with also conequences
Second-they will try to bypass all these restrictions what means, this paper is a bs.
I sure do wish that fb was fined, and…. ordered by the FTC…a one year exit strategy followed by a big FAT shut down!
I sporadically login to check on my adult kids and gkids, and I am a musician.
I get so annoyed by peoples innocuous posts, like what they prefer, 2-ply – over 1-ply toilet paper or they decided they’re gonna write a song today…(or something along those lines.)
I idea behind fb…with respect to networking etc was too bad…but it has turned into the peoples pablum.
I think on how many times fb asked me to update, update, and more updating of my profile because…well, now I know why.
None of this Facebook nonsense should be an issue for intelligent people, with sufficient sense to know never to use sites like facebook, instagram, whatsapp, etc. These massive privacy risks should have been plainly obvious to any sentient being from the outset. Facebook would go away tomorrow if idiots stopped using it.
The largest problem I have with Facebook, and why I have such antipathy for the company, is that they collect data about you whether or not you actually use any of their services. So being smart and not using Facebook services (and I do think that’s smart) does not protect you as much as you might think.
One can block Facebook domains using the hosts file as I did plus installing several privacy browser add-ons. Anyway, once a machine is connected to the internet it cannot be fully secured.
Yes, you can do all that, but it won’t prevent Facebook’s spying. Even staying entirely off the internet won’t do that, since (like Google) Facebook also collects data about our real-world use of credit/debit cards. I believe — but I’m not certain — they also (like Google) have deals with brick-and-mortar stores to help them increase data collection on their customers.
Facebook’s privacy problems are not limited to the internet.
I really didn’t imagine Facebook had gone so far. I deleted my account long time ago but I am aware that my data is still in their database. If I knew what a nightmare Facebook would become I would never register in the first place. I still have Twitter because I want to follow people like Assange, Snowden, etc, but I may also delete my Twitter account too, it has become a giant censorship tool and a spyware machine too.
Luckily, I’m ‘old’ enough to say that there’s no need of Facebook, except maybe if you start a business and you want to achieve more customer (with all the advantages and disadvantages it brings). I see Facebook and fellas (also related to Libra cryptocurrency.) as a future supranational body when rules will be decided by a private company and even now some countries prefer to delegatate the the control of users traffic (the last sentence could be the cause of a misunderstandings but my english is not so good).
Cambridge analytica was a warning; honestly I see only an economic superpower that earn its business based on people data.
Off topic (or not): I’m not competent enough to understand how a any private company like Goandfind can geolocation you only based of your private number if your device is connected; ok, I realize if you choose to surfing on Google Maps or technicalities like browser geolocation API or GPS built-in enabled. Who sells geotargeting data?
Unluckily I’m not old enough to avoid in the future Murphy’s law on these issues :-)
@Shiva: “Who sells geotargeting data?”
Pretty much everybody who collects it. The largest offender on this score (in the US, anyway) is the cell phone providers themselves. They know where every phone is physically located as a necessary side-effect of being able to provide cell service to you, and are legally required to be able to determine the physical location of every cell phone to a greater degree than just which cell tower you’re talking with.
I read in the past about the US Congress’s law related to citizens privacy. If I understood well the reasoning was funny: in a similar way of the principle of substantial equivalence since there are already Facebook or Google collecting data from people, internet providers have been authorised to do the same (but there is a ‘little’ difference between phone providers and social sites or search engines…).
Anyway, generally speaking to be able to determine the physical location of every cell phone at the request of law enforcement is acceptable, it is not not for marketing purpose.
I have two reports about digital skills in my country: the first from OECD (the Skills Outlook Scoreboard), the second from AICA (Italian Association for Informatics and Automatic Calculation) about digital natives. Both describe a desolate situation where also the digital natives even though they are in confidence with technologies or internet, they don’t know exactly what they are doing.
Even if Europe is not US about privacy, I can image if a user receive a message on his smartphone with a link and probably without additional or too much informations for processing of personal data: what are the odds of clicking on the link to start the geolocalization? Needless to say about negative implications (stalking, ….).
(Everything I’m saying is from a US perspective. Your region can, and probably does, differ)
@Shiva: “since there are already Facebook or Google collecting data from people, internet providers have been authorised to do the same”
This is sadly true, however I was referring to cellphone service providers. They are not ISPs and are actually covered under different and more restrictive laws.
“generally speaking to be able to determine the physical location of every cell phone at the request of law enforcement is acceptable, it is not not for marketing purpose.”
That’s the way the law was intended to work. AT&T and other cell companies were recently scolded for violating that, and they said that they stopped — but it’s clear that they have not. Just like the last time they were scolded for it. It’s almost like a stern telling-off doesn’t bother them or something!
I thought a fine was meant to be painful, painful enough to act as a deterrant to further undesirable behavior.
MarketWatch shows Facebook’s Net Operating Cash Flow in 2018 to be $29.27B. Outstanding shares of FB at the end of March 2019 were 2.869B.
Today’s stock price went from an open of $202.36 and is currently trading after hours at $205.84 and going up rather quickly–$207 while jotting this down.
Guess that means FB has the fine covered and made $5B with the good news.
One may not use FB, but one can certainly invest with some strategic planning.
And . . . the company didn’t have to hand over any personal data already gathered!
Until someone grows a pair and bring in laws where individuals can expect jail time nothing will change. The FTC told them to change their ways years ago and FB basically ignored them. These token fines, they might sound huge to us but it’s not even a blip for them, do nothing.
Zuckerberg once said:”The idiots trust us.”
Well, I did read the Stipulated Order (Settlement) document and they got hammered severely.
I’ve been through similar adventures in Aerospace and Med Products when large deficiencies which took years to fix existed and nothing even remotely close to this document was issued. Some of the things asked make clear Facebook has none of the typical checks and balances present in reputable companies. Performing risk analysis on an entire corporation is a gargantuan task for an army of contractors.
FB is being treated as incompetent, unethical and wholly untrustworthy (they are!) and essentially being required to have independent firms oversee, audit and report periodically on privacy aspects of their operations. Any funny stuff results in perjury. The $5 billion charge is peanuts; the endless search for information for the next 20 years is priceless.
Google’s next? Who knows; this is a start.
BTW, I hate Facebook, its lousy interface, slimeball CEO and global malware “product.”
We’ll see. The order is only as good as the enforcement of it. Facebook has been subject to such orders in the past and have ignored them with little consequence. They’ll certainly try to do the same here after a couple of years of compliance. That will be the real test — will they be allowed to get away with doing that yet again?
Yeah, time will tell. Most of the big “tech” companies have been operating under a number of Consent Decrees, just coasting along under the radar with no real enforcement.
US DOJ is investigating FB as a monopoly and the other biggies’ privacy violations and national security problems. I believe it will become clear that none of them really have a good grasp on what their operations really do. How could they? Users’ data is so entwined at so many levels, I doubt it’s possible to know.
I don’t want a “Well regulated Internet” by government; but even less the current well regulated Internet by “tech.” Just needs to go back to when everyone wasn’t trying to sell something or acting as a free salesperson for a company that couldn’t care less about them.
“Facebook needs affirmative [ex]press consent from users.”
I’m not sure how to interpret this but if this part only means a by default unticked consent box that users are forced to tick to be able to make an account or keep their account, it’s far from enough and won’t change anything. GDPR covered this problem and required additionally the consent to be free, meaning you don’t lose anything for not giving your consent, like access to the service. Facebook should have been fined billions already for breaking GDPR but I don’t know if anything like that has happened yet.
Google and Microsoft are guilty of all of this too.
Don’t forget Sony! https://techcrunch.com/2019/07/24/facebook-ends-friend-data-access-for-microsoft-and-sony-the-last-2-of-its-legacy-partners-under-ftc-deal/
Why does M$ need to access friends data? Why does an android smartphone need to automatically send data to FB (and other cancers) even if relative apps are disables?
Facebooks attorneys will appeal the decision and nothing will change. They’ would have to jail him before he finds a way around those rulings to stand a chance to make it effective.
The easy way for all others would be a simple OptIn and OptOut function… OptIn means just that, while more important OptOut would automatically delete all data and links and any other connections to and from. The OptIn rule could be a step by step process were as everyone shall select which data can be put into and collected by such system. All the while a few corporations only can and will hold all people on this planet at ransom… after all they should be viewed as an integral part of US foreign strategies
The pushback has begun. In Europe and America. There’s an anti-trust procedure going on as well. Good.
So again the politicians waste a opportunity and allow the big tech company that violate people’s privacy to keep on collection the private data of people who do not use their services or are forced to by employees.
Facebook can still collects nonusers data from users phone contact list via WhatsApp. They can still use facial recognition on photo’s posted by users to make profiles of people in the photo who are not Facebook users.
Good job FTC, you have given our kids a bright future! Now in the years between now and the next opportunity, millions of new teens will have their private data collected by tech companies and so lose their privacy.
Break ’em up.
It tells you what to do, and what to say, and where to do it, and how to say it.
It’s too invasive. It’s too big. It’s too powerful. It’s omnipotent. It’s evil.
Never trust FaceBUTT with anything. I trust Cambridge Analytica not to reveal my privates. Facebook, no.
I block ads, and all Facebook domains with my hosts file. I pay for sites I use regularly. I’d rather pay than deal with advertisements. I give this site an ongoing donation through Patreon.
it will not be the last time that Sugarmountain does not tell the truth
This is part of a general trend. Have a look at that Google engineer spilling the beans :
Text : https://www.projectveritas.com/2019/07/24/current-sr-google-engineer-goes-public-on-camera-tech-is-dangerous-taking-sides/
Video : https://youtu.be/ricI5t66cj8
Do people actually fall for this crap? Facebook along with all the other platforms are the branches of what I call, Online policing, profiling, future crimes prediction etc., and the governments need them to make their jobs easier and lucrative. These hearings, fines are nothing but a fart on people’s face….fools will smell and snooze until another fart is being prepared. Repeat x lifetime.
There is no such things as “the governments”. Other big corporations have been broken up before. Reading history is interesting, and can help evaluate current situations.