The review comes as Facebook's proposed policy changes cause controversy
The FTC's review is not an inquiry, but part of a regular monitoring program set in place after a 2011 settlement with Facebook, an agency spokesman said Wednesday.
The social networking site proposed updates in August to its policies that explain how people's content is used in advertisements for which they receive no compensation. Facebook contends the change merely clarifies language that already allowed such use.
As a result, six privacy groups complained to the FTC in a Sept. 4 letter, saying the changes to its Data Use Policy and Statement of Rights and Responsibilities violate the 2011 settlement.
The proposed change to Facebook's Statement of Rights and Responsibilities states that users give permission to Facebook to use their name, profile picture and content in connection with commercial, sponsored or related content.
"This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you," according to the proposed update. It goes on to state, "We do not give your content or information to advertisers without your consent."
A Facebook spokesman said via email that "we routinelyA discuss policy updates with the FTC and this time is no different. Importantly, our updated policies do not grant Facebook any additional rights to use consumer informationA in advertising. Rather, the new policies further clarify and explain our existing practices."
Facebook reached an agreement with the agency in November 2011 after the agency alleged the site was repeatedly sharing information that users believed was private. Under the settlement terms, Facebook admitted no guilt but agreed to obtain users' consent before sharing their information beyond their established privacy settings.
Under the FTC order, Facebook isn't required to submit changes to its privacy and data use policy to the agency. But the order does require Facebook to obtain third-party certifying audits every two years over the next 20 years to ensure its privacy program meets or exceeds the order's requirements.
Facebook has faced other legal pressure over how it has used people's data.
The U.S. District Court for the Northern District of California approved on Aug. 26 the establishment of a US$20 million fund for people whose personal information was allegedly used without permission in "sponsored stories," an advertising product that draws on items people have indicated they "Like" on the site.
Facebook will pay $15 each to users who submitted valid claims and were part of the class-action suit, filed in 2011. The settlement also called on Facebook to makes changes to its Statement of Rights and Responsibilities to give users clearer guidelines on how their information is used in sponsored stories.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Gov't Legislation/Regulation White Papers | Webcasts