Privacy and technology groups generally applauded a wide-ranging settlement between Facebook and the U.S. Federal Trade Commission over the social-networking site's privacy practices.
The FTC alleged that Facebook repeatedly deceived users by saying their data was private when it wasn't.
The settlement, announced Tuesday, seems "very fair" on balance, said Marc Rotenberg, president of the Electronic Privacy Information Center (EPIC), a privacy group that spearheaded a complaint filed against Facebook at the FTC nearly two years ago.
Rotenberg, however, called on the FTC to require Facebook to roll back changes in its data sharing practices made in December 2009. Facebook changed "its users' privacy settings without their consent," making some private information public, he said.
The settlement doesn't appear to require Facebook to restore those privacy settings, Rotenberg said. "The practical consequence is that the company will be able to continue to use and market and disclose information from users that we believe was improperly obtained," he said.
The settlement should give Facebook users greater control of their information going forward, Rotenberg said, but the U.S. has no comprehensive privacy law. That means other online companies are not subject to this settlement, he said.
The settlement requires Facebook to create a comprehensive privacy program and to open itself up to independent audits of its privacy practices every other year for 20 years. The agreement bars the company from making misrepresentations about the privacy or security of consumers' personal information, and it requires Facebook to obtain consumers' consent before making changes that override privacy preferences.
The settlement also requires Facebook to prevent anyone from accessing a user's information no more than 30 days after users have deleted their accounts.
The FTC's settlement is as strong as the agency could achieve, said Jeffrey Chester, executive director of the Center for Digital Democracy, another privacy group. Facebook continues to be "in the middle of an expansive data collection system," Chester said. "Since 2007, the social media giant has purposefully worked to erode the concept of privacy by disingenuously claiming users want to share all their personal information."
The settlement could allow privacy and consumer groups to force Facebook to develop better privacy practices, but those groups will have to be vigilant, Chester said.
"I believe Facebook will try and continue the largely invisible to users tactics that harvest and distribute tremendous amounts of information about users and their networks," he said. "Privacy groups will have to work overtime to try and keep the FTC zeroed in on Facebook's future practices. The social giant clearly wanted to get past this so it could cash out via an IPO."
There have been press reports this week that Facebook is considering an IPO.
Sign up for Computerworld eNewsletters.