Article Lead Image

Does Facebook’s proposed privacy policy violate its deal with the FTC?

Facebook privacy changes are usually annoying, but this time, they could be illegal.


Curt Hopkins

Internet Culture

Posted on Sep 9, 2013   Updated on Jun 1, 2021, 7:00 am CDT

Facebook has become famous for its frequent privacy policy changes. These changes are almost always unpopular, but Facebook’s latest proposal has been labeled as outright illegal by six top privacy organizations. 

The Electronic Privacy Information Center, the Privacy Rights Clearinghouse, the Center for Digital Democracy, Consumer Watchdog, Patient Privacy Rights and U.S. PIRG sent a letter to regulators (PDF), asserting a new set of proposed changes will violate Facebook’s 2011 privacy settlement with the Federal Trade Commission (FTC). 

The changes to Facebook’s Data Use Policy and Statement of Rights and Responsibilities would allow the company to “routinely use the images and names of Facebook users for commercial advertising without consent,” according to the privacy organizations.

According to Naked Security’s Lee Munson, Facebook’s previous statement said users could adjust their privacy settings “to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us.” 

The new policy requires users to allow Facebook to “permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you.”

According to the privacy organizations’ letter, the 2011 agreement with the FTC requires that, “prior to any sharing of a user’s nonpublic user information… with any third party, which materially exceeds the restrictions imposed by a user’s privacy setting(s)” Facebook “must make a ‘clear and prominent’ disclosure and obtain the ‘affirmative express consent’ of the user.”

If the new policy is approved,  it will stand in clear contravention to that prior FTC order. 

Another issue the privacy organizations feel is questionable is language that requires any minors signing up for the service to be somehow vetted by their parents. This would open minors back up to a level of exploitation that the 2011 order was in part expressly designed to guard against. 

H/T Naked Security | Photo by Marcin Wichary/Flickr

Share this article
*First Published: Sep 9, 2013, 3:57 pm CDT