The Federal Trade Commission announced a settlement with Facebook this morning over charges that the social network deceived users by failing to honor privacy agreements.
Under the agreement, Facebook:
- cannot misrepresent the privacy or security of users personal information;
- must get user consent before releasing changes that override existing privacy settings;
- must prevent people from accessing a user’s material no more than 30 days after that user has deleted their account;
- has to establish and maintain a privacy program that addresses risks that come with “the development and management” of products and services and that protects the privacy of user’s information;
- and — within 180 days and every two years afterward for the next 20 — must seek out third-party audits verifying that the privacy program is in place and that it satisfies the FTC’s order.