The U.S. Federal Trade Commission said Tuesday that Facebook Inc. has agreed to settle an eight-count complaint charging that it misled users about its use of their personal information. Members of the public now have 30 days to comment before the FTC decides whether to make the agreement final.

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” FTC chairman Jon Leibowitz said in a statement. “Facebook’s innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.”

Facebook basically is accused of telling consumers they could keep their information on Facebook private, and then repeatedly allowing it to be shared with advertisers and app developers. According to the FTC complaint, Facebook broke promises regarding sharing users’ personal information with advertisers. It also falsely claimed to certify the security of its “Verified Apps,” misled users about how much personal data apps could access, and dishonestly said it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union.

Facebook chief executive officer Mark Zuckerberg quickly posted a lengthy statement in which he detailed the numerous improvements his company has already made to address privacy concerns, while admitting to a less than stellar track record. He also announced that the social media giant’s chief privacy officer position is being divided into two, effective immediately.

Erin Egan will become chief privacy officer, Policy, with responsibility for Facebook’s “global public discourse and debate about online privacy” and ensure that feedback from regulators, legislators, experts and academics from around the world is incorporated into Facebook’s practices and policies. Egan recently joined Facebook, having been a partner and co-chair of the global privacy and data security practice of the Covington & Burling international law firm.

Michael Richter will become chief privacy officer, Products. Currently the chief privacy counsel on Facebook’s legal team, he now will join the product organization to “expand, improve and formalize our existing program of internal privacy review,” ensuring the integration of privacy and transparency by design into both Facebook’s product development process and our products themselves.

If the FTC settlement is finalized on Dec. 30, among other things Facebook will have to get consumers’ approval in advance of changing how it shares their data, and for the next 20 years will be required to obtain periodic independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.

While not a judicial ruling, the FTC issues an administrative complaint like this one when it has “reason to believe” that the law has been or is being violated. Its assertion in this instance is that Facebook made made unfair and deceptive claims in violation of federal law. It will carry the force of law with respect to future actions should it proceed to be a consent order after the public comment period.

Related link:

Zuckerberg’s blog post –

Photo by Flickr user dkalo/Dimitris Kalogeropoylos, used under Creative Commons license



  1. There’s still some missing pieces to the story. This settlement really does nothing to stop Facebook from tracking us outside the social network. We can’t ignore such a huge invasion of our privacy!