Facebook handed the results of an independent audit of its privacy practices to the U.S. Federal Trade Commission on April 25. The audit — part of a settlement the FTC and Facebook agreed to in August 2012 — finds Facebook not guilty of any violation in the past six months.
The FTC first launched an investigation into Facebook privacy practices in October 2011, after public interest groups and legislators pressed the regulatory agency to look at whether the company’s cookies tracked user activities once they were out of the social site. Even though the cookie issue was resolved before the launch of the investigation, the FTC found Facebook guilty of several other missteps that included changing its viewing settings so that some information shared with only Friends was made public; granting third-party apps access to all of users’ data when Facebook said they would only gain access to certain elements of that data; sharing user data with advertisers despite promises not to; retaining the data of deleted accounts.
Facebook settled with the FTC in November 2011 and the terms were finalized in August 2012. Unlike Google, which the FTC fined $22.5 million for privacy violations, Facebook was not required to pay a fine. Instead, it agreed to a biennial audit for the next twenty years. The name of the auditor and the full 79-page report based on the past six months were not revealed. And while no violations were found, Facebook said the auditor did find areas where Facebook privacy could be improved.
The FTC has not yet responded to the audit. If it accepts it as fair, however, it might lower the privacy standards other internet companies are held to. Facebook responded to the FTC’s allegations not by backpedaling from its use of user data. Rather, it now divulges more to users about how their data is going to be used. Facebook overhauled its privacy policies in December 2012, now citing clearly that user data will be given to advertisers. It also says that the way to get information completely removed from a third-party app is to contact its makers directly. In the case of deleted accounts, it says the deleted data will be kept for 90 days.
Facebook is not the last company that the FTC will be auditing. Google submitted the first documents for its own twenty-year audit sentence in June 2012. More are almost certain to come as new companies offer services free of cost with data mining as their business model. And if the Facebook audit can serve as a guideline, the FTC will be concerned with transparency in general rather than adherence to any specific policies.