January 2, 2012
Observers of Internet trends often pronounce that privacy is a fiction and that it is futile to try to reclaim it. Whether that perspective is correct or not does not matter when faced with a Complaint issued by the Federal Trade Commission (FTC). The Facebook Complaint and Consent Order recently issued by the FTC provides valuable lessons for how to stay out of the FTC’s crosshairs. Internet attorneys, businesses, consultants and advisors should study what the FTC views as deceptive in order to make necessary adjustments to business plans and operations.
Below is a discussion of some of the more significant and relevant claims of deceptive practices alleged by the FTC Complaint. It should be noted that in the FTC Consent, Facebook denied all allegations.
1. Facebook privacy pages offered options to restrict profile information to “Only Friend” or “Friends of Friends”. However, even when such options were selected, Facebook often still provided profile information to an application that a Friend was using on their Facebook page. Such information included a user’s birthday, hometown, activities, interests, status updates, marital status, education (e.g., schools attended), place of employment, photos, and videos. Even though Facebook allowed users to restrict this access through other pages, Facebook nevertheless represented, according to the FTC, either expressly or by implication, that access could be limited to “Friends” or “Friends of Friends” on the Profile Privacy Page, and did not indicate that further actions would be required to restrict access to applications of friends.
The FTC alleged that the Privacy Wizard, either explicitly or by implication, indicated that users would have “more control” over their privacy settings, above the prior settings. Which the FTC claimed was not the case. Facebook did not adequately explain that the new changes overrode prior settings as to name, profile picture, gender, friend list, pages, or networks. The FTC claimed that Facebook’s failure to adequately disclose these facts, in light of the representations made, constituted a deceptive act or practice.
3. The FTC Complaint states numerous examples of statements from Facebook that even though non-identifiable information is shared with advertisers so that they can provide advertisements targeted to the particular user, personally-identifying information is never provided to an advertiser without prior consent of the user. However, the FTC noted that if ads were clicked, then Facebook would provide to the advertiser a unique ID that Facebook assigns to each user. Apparently, advertisers could use the ID to identify the person. Then they could match criteria that they had selected for serving ads to that person. (e.g., if the ad targeted 23-year-old men who were “Interested In” men and “liked” a prescription drug, the advertiser could ascribe these traits to a specific user), plus the date, time and ad visited. Over time additional traits could be identified.
William Galkin, Esq. is an Internet lawyer who has dedicated his legal practice to representing Internet, website, e-commerce, computer technology and new media businesses in the U.S. and around the world. To learn more about agreements needed by websites go to http://www.galkinlaw.com/services.