IDG News Service - Facebook made "unacceptable" changes to its privacy settings at the end of last year that are detrimental to users, a coalition of European data protection officials warned the social-networking sites on Wednesday.
The warning, contained in a letter to Facebook from the Article 29 Data Protection Working Party, could spell more difficulties for Facebook, which was hit with a complaint to U.S. regulators over similar concerns earlier this month.
The working party told Facebook of the need for default settings that would only allow access to profile information and friends to self-selected contacts, and that access by search engines should be the explicit choice of users.
Facebook has moved to make even more of its users' information publicly available. The defaults settings are typically the most permissive, and users must manually change to more restrictive settings.
Privacy groups have said the settings are confusing, frequently change and some users aren't aware of the options, putting their personal data at risk.
Facebook's default settings allow certain information in a person's profile to be indexed by search engines unless a user changes it, according to the social network's policy.
In recent months, Facebook has modified its site to automatically share profile information with partners such as Microsoft Docs.com, Pandora and Yelp. Users must opt out by unchecking a specific box within Facebook's settings.
Facebook also expanded the amount of information publicly shared, allowing other personal information and preferences to be exposed even if a user has limited it to their circle of friends.
The Article 29 working party also sent letters to 20 other social network operators but highlighted its criticism with Facebook in a press release published on Wednesday.
In response, Facebook said it agreed with some of the contents of the letter, a copy of which was not available. But Facebook said it disagreed with a suggestion that people be allowed to use pseudonyms.
Facebook's policy that people must use their real names is also part of the May 5 complaint before the U.S. Federal Trade Commission, filed by the Electronic Privacy Information Center and 14 other privacy and consumer protection groups.
On Thursday, the company defended its stance on privacy, citing new controls for excluding indexing profiles by search engines and greater control over how Facebook applications handle user data.
"We feel that Facebook has been in the forefront of all kinds of sites, not just social networking sites, in giving our users granular controls which enable each user to customize many individual settings in order to share, or protect, as much information as they feel comfortable with," the company said in an e-mail statement.
The Article 29 working party doesn't have enforcement power, said Struan Robertson, a technology lawyer with Pinsent Masons. But the group is composed of data protection officials throughout Europe who could decide to refer a case to prosecutors for violation of European data protection regulations, he said.
The working groups is saying "that Facebook has crossed a line" where it is no longer sufficient to just give notice of changes but actively obtain users' consent, Robertson said.
"I think Facebook is at serious risk of losing its users' trust," Robertson said. "That may be the biggest threat to Facebook than European regulators or European courts."
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!