The Federal Trade Commission (FTC) and U.S. Justice Department (DOJ) have been taking Facebook to task regarding its recent privacy blunders, including the company’s failure to comply with a 2012 FTC ruling over how Facebook handles its users’ data.
While the DOJ lawsuit is still being litigated, Facebook recently agreed to an FTC order that requires the company to pay $US5 ($7) billion in fines and submit to a 20-year oversight program—including annual reviews of its privacy and data collection practices.
The finer points of the FTC’s ruling mostly affect Facebook’s business structure and won’t have an immediate impact on the user experience (if any at all). However, there are several changes to how Facebook collects and disseminates data that will affect users—some of which build upon existing changes Facebook recently made, likely in anticipation of what was coming down the pike.
Here’s a quick rundown of the privacy changes that you should know about, and how they affect you and your Facebook data.
New rules for sharing data with third-party apps and advertisers
The FTC ruling sets stricter standards for how Facebook deals with third-party apps and advertisers. Facebook is now required to remove third-party entities that don’t comply with Facebook’s policies or cannot reasonably justify their requests for specific data from Facebook’s users.
This means that these apps and advertisers no longer have carte-blanche access to user data and must explain exactly how and why that data will be used, but the exact standards for “justifying” requests are not defined. That lack of definition could lead to a lot of grey areas regarding these rules, but Facebook users have several tools for seeing how their data is brokered, and controlling access to it. Most importantly, this ruling doesn’t place limits on how facebook can learn more about you; rather, it’s attempting to curb what Facebook sells to advertisers.
Better transparency for facial-recognition technology
Facebook now has to clearly alert users that it uses facial-recognition technology, be more forthcoming about how and why it’s used, and alert users if it updates its technology or functionality beyond what users were originally asked to agree to. The company also has to get express consent from users in order to opt them into facial recognition features in the first place—something it notoriously overlooked in the past.
We’ll likely see a better explanation of the technology and further refined opt-in/out user settings as a result of this ruling, but it’s important to point out that it doesn’t change current user settings—though we have a guide for reviewing and changing Facebook facial recognition settings.
New password storage requirements
Paradoxically, it was both shocking and unsurprising when reports exposed how Facebook’s poor password data protection. Thankfully, as per the FTC ruling, all password data must now be fully encrypted and the company is now required to regularly scan for plain text storage on its servers. Similarly, Facebook won’t be able to ask new users your email passwords to their other services, either.
Restricted collection of phone numbers
In the past, Facebook had ways of finding (and then distributing) your phone number, even if you didn’t supply such data in your profile. With this new FTC ruling, Facebook is now barred from “using” phone numbers it obtained through security features, such as two-step verification.
What’s unclear, however, is what exactly “using” means. Collecting them? Selling them? It’s hard to say, and that’s frustrating since Facebook has a habit of “accidentally” collecting phone numbers. Thankfully, there are ways to delete such information from your profile and keep Facebook from snooping around your device’s contact information.
We won’t know the full effect users will see from these changes until they’re implemented and acted upon, but it’s hard to put much faith in these changes as long as the platform subsists on collecting and selling your data. We’ll have to wait and see how it all shakes out (including the still-in-progress DOJ lawsuit), but in the meantime, it may be wise to consider whether Facebook is worth keeping — or if you should delete it for good.