Submission Number: 00056
Received: 12/30/2011 12:01:07 PM
Commenter: David Argentar
Agency: Federal Trade Commission
Initiative: Proposed Consent Agreement In the Matter of Facebook, Inc., FTC File No. 0923184
Attachments: No Attachments
The proposed settlement is wholly inadequate. In essence, other than the requirement for rare audits, it says that Facebook's punishment for breaking the law is to obey the law. As such, I propose a settlement that will actually improve Facebook users' privacy and control over their personal information.
1) Facebook is required, within 180 days, to allow random, unannounced, independent third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected. No more than four such audits will be conducted in a year.
Rationale: Because of Facebook's demonstrated willingness to violate existing user-privacy laws, audits verifying their compliance with the settlement must be frequent, unannounced, and random to ensure that they are in fact in compliance. Other terms provide Facebook with too many opportunities for deceiving outside auditors.
2) Facebook must provide, upon request by a user, that user with a copy of any and all information Facebook maintains about them.
Rationale: This provides Facebook's users assurances that Facebook is in compliance with the settlement.
3) Facebook must provide, upon request by a user, that user with a written list of any and all information about them that was sent to third parties as well as the identity of such parties.
Rationale: As Facebook has repeatedly violated promises not to share users' information with third parties, Facebook will now have a positive duty to inform users who is receiving information about them.
4) Facebook is required, upon request by a user, to delete any and all information Facebook maintains about that user, do so within five (5) days of such request, and provide that user with a written statement indicating the information that was deleted and the date(s) on which the data has occurred.
Rationale: As Facebook has repeatedly violated promises to delete user information, they now have a positive duty to do so and provide notice of compliance with that duty. This is an additional check on Facebook acquiring information about its users in violation of the settlement. Given that Facebook maintains all of its data electronically, the five-day period is extremely generous.
Rationale: Facebook's users have shown a remarkable ability to demonstrate oppostion to Facebook's more odious policies when given sufficient notice of them. This provides such notice.
In addition, Facebook is barred from making false representations about user privacy and required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences as described in the current proposed settlement.