Annotation by Christian Nossokoff
The FTC filed this complaint on the grounds that the Respondent, Facebook, was in violation of the Federal Trade Commission Act, specifically regarding commerce.
Commerce is defined in Section 4 of the FTC Act:
“'Commerce' means commerce among the several States or with foreign nations, or in any Territory of the United States or in the District of Columbia, or between any such Territory and another, or between any such Territory and any State or foreign nation, or between the District of Columbia and any State or Territory or foreign nation.”
The required information to register with Facebook includes: name, gender, email address, and date of birth.
Optional information that can be included at the time of registration includes: profile picture, hometown, sexual orientation, relationship status with romantic partners and family members who are also users of the site (boyfriend, girlfriend, fiance, husband, wife, brother, sister, mother, father, etc...) political views, religious beliefs, likes and interests (activities, movies, books, music etc...) and education and employment.
Information on user activity on the site over time includes: friends list of other Facebook users, “liked” pages of brands, organizations, interests groups, celebrities or any other entity, pictures and videos that both the user has uploaded and that other users have uploaded and “tagged” them in, and posts and comments made by the user on other users’ profiles and content.
All of this profile information is stored by Facebook controlled computer network.
Differing Platform Applications are available for use through Facebook. Users can approve Applications themselves, allowing the Application access to their profile information. But even if a user has not authorized an Application, the Application may still have access to some profile information because a user’s friend has authorized said Application.
FEDERAL TRADE COMMISSION v. FACEBOOK INC., Complaint, Ftc.gov. Federal Trade Commission. Web. 30 Mar. 2016.
Annotation by Christian Nossokoff
This decision and order by the FTC lays out what Facebook is required to do.
Facebook must let consumers know exactly what information is being collected and what inforamtion will be disclosed. Instructions on how to control privacy options must be provided.
The extent of which users' information can be used by third parties must be disclosed and the consent of the user must be collected.
If an account is deleted, within 30 days the information that a user has deleted, must be inaccesible.
FEDERAL TRADE COMMISSION v. FACEBOOK INC., Decision and Order, Ftc.gov. Federal Trade Commission. Web. 30 Mar. 2016.
Bloomberg Law Interview on FTC v. Facebook with CIPP Professional
Study conducted by Georgia Institute of Technology looking at the viability and practice of privacy policies, with a total of 64 analyzed.
Annotation by Christian Nossokoff
This study was conducted by Carlos Jensen and Colin Potts of Georgia Institute of Technology and the paper presented at the Conference on Human Factors in Computing Systems (CHI2004) in Vienna, Australia.
It looks at the viability and practice of privacy policies, with a total of 64 analyzed.
It is described that 70% of respondants to a 2001 survey worry about their online privacy, and that 69% in another study said they take their own preventative action against online privacy invasions.
Privacy policies are unavoidable. They are implemented by the vast majority of websites. They're supposed to inform consumers and aid them in decision making. But it is challenging to put forth all of the necessary information without overwhelming users.
Two sets of websites were studied. The first set was made up of 47 of the 50 comScore Media Metrix Top 50 U.S. Internet Property Rankings. They were high-traffic sites, so the results would be practical for users because they frequently experience policies like these. The second set studied were health-care websites in order to examine the effect over time regulations have had on policy after HIPPA went into effect over July 2001-September 2003.
Policies were analyzed based on 4 criteria:
The study determined that even if entities comply and follow all rules and regulations, privacy policies are unusable to consumers unless they check the policy in-depth, every time they visit the site.
The privacy policies were not easily accessible in many cases.
Jensen, C., & Potts, C. (2004). Privacy policies as decision-making tools. Proceedings of the 2004 Conference on Human Factors in Computing Systems - CHI '04. doi:10.1145/985692.985752
Study conducted in 2005 at Carnegie Mellon University. This study is relevant to the FTC v Facebook 2011 case because it shows how users already willingly provided an alarming amount of personal, and even sensitive, information.
This study was conducted in 2005 at Carnegie Mellon University by Ralph Gross and Alessandro Acquisti in Pittsburgh, Pennsylvania.
This study is relevant to the FTC v Facebook 2011 case because it shows how users already willingly provided an alarming amount of personal, and even sensitive, information.
The entire Facebook population at CMU (4,540 profiles) was included in this study.
It is important to note that the popularity and size of social networks have increased dramatically since the study was conducted.
The point of the study was to evaluate college student’s online behavior on social networking sites, including how much information they made available on their profiles and how they use sites’ privacy settings.
Results show possible dangers and breaches of privacy, and that only a small percentage users modify settings to protect their privacy.
39.9% of users provided their phone number on their profiles. 50.8% provided their current residence. 87.8% provided their date of birth.
89 out of a sample of 100 profiles used the real, full name of the user.
A Facebook user’s affiliation with another user is divided into 4 different categories: friends, friends of friends, non-friend users at the same institution, and non-friend users at a different institution.
The population of Facebook users we have studied is, by large, quite oblivious, unconcerned, or just pragmatic about their personal privacy” (Gross and Acquisti 8).
Although privacy settings are able to be modified, they rarely are. An overwhelming majority of users keep what the study calls the default permeable privacy settings.
The personal information users are revealing even on sites with access control and managed search capabilities effectively becomes public data” (Gross and Acquisti 9).
Gross, R., Acquisti, A., & Heinz, H. J. (2005). Information revelation and privacy in online social networks. Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society - WPES '05. doi:10.1145/1102199.1102214