When it comes to owning and operating any type of social media website, privacy plans and other forms of information protection must be carefully drafted, concise for all levels of understanding, and available for everyone to read. Management and technical personnel should review and confirm the contents of the Privacy Policy. Privacy Policies should be regularly reviewed to verify that procedural or technical changes are reflected in the Privacy Policy, especially needed when it comes to the information of social interest sites.
Careful watchers of the web’s social trends tend to boast how privacy is a fiction and that it is futile to try to reclaim it. Whether that perspective is correct or not does not matter when faced with a Complaint issued by the Federal Trade Commission head on. The Facebook Complaint and Consent Order recently issued by the FTC provides valuable lessons for how to stay out of the FTC’s crosshairs. Internet attorneys, businesses, consultants and advisors should study what the FTC views as deceptive in order to make necessary adjustments to business plans and operations for the betterment of social venues.
The State of California mandates that all websites that collect personally identifiable information from California residents must have a privacy policy readable on the website; yet the United States, as a whole, doesn’t enforce such actions. This tells us that, should we all follow the California laws, all websites would be required to have a privacy policy in place before collection of personal data occurred. As far as the FTC is concerned (which operates on the federal level), there is no absolute requirement to have a privacy policy, but if a website does have privacy policy, failure to comply with the policy will be considered a deceptive practice in violation of the FTC Act. Here below you will read a classic example of some obvious deceptive practices alleged by the FTC Complaint. It should be noted that in the FTC Consent, Facebook denied all allegations which was frankly expected by many.
First, it is noted that Facebook privacy pages historically offer options to restrict profile access to certain sects, including friends and their following. When these options were tested, though, Facebook often still provided profile information to an application that a Friend was using on their Facebook page, which is clearly a breach of this security feature. These pieces of info included a person’s hometown, birthday, activities, and interests, status updates, past educational experience, marital status, videos, and place of work. Even though Facebook allowed users to restrict this access through other pages, Facebook nevertheless represented, according to FTC information, either expressly or by implications unbeknownst to us, that they’re still able to restrict access and have it stick.
It’s relative obvious through the above claim some form of communication breakdown occurred between the Privacy Policy and the technical personnel implementing strategies which, if gone unchanged, can result in a claim by the FTC for deceptive practices and potentially shut down operations. Furthermore, statements in a Privacy Policy must be vetted to verify that they do not claim, or appear to claim, a higher level of privacy than is actually provided. Learning from hard lessons that Facebook has faced will assist future websites that launch social sharing or networking sites in implementation of a well-followed privacy policy.
