Will FTC Force Facebook Onto Privacy Straight and Narrow?

Settlement could help Facebook if it takes new stand on user privacy, say analysts

After angering users with one privacy misstep after another, Facebook yesterday settled charges by the U.S. Federal Trade Commission (FTC) that it had deceived users and shared information it had told them would be private.

Now users and industry analysts are waiting to see if Facebook will correct its course on privacy matters or continue on with nothing more than a slight mark from its slap on the wrist.

"At Facebook, it appears that the culture there is privacy and consumer protection last. Instead it should be among the top priorities," said Zeus Kerravala, principal analyst with ZK Research. "Facebook would do themselves a favor by nipping this now. I hope they actually take security seriously now, but only time will tell.

"History would indicate not," he said.

Noting that he thinks the agency was too easy on Facebook, the world's largest social network, Kerravala, added, "There's no guarantee that this will change things. I thought [the FTC] should have hit them with more."

On Tuesday, the FTC unveiled an eight-count complaint against Facebook, charging the social network with not keeping its promises to users and deceiving them "on numerous occasions" by sharing information that people thought was being protected. Facebook has agreed to a proposed settlement.

As part of the proposed settlement, which is open to a public comment period, Facebook is not allowed to continue making deceptive claims about its privacy and must get users' approval before making any changes to the way it shares their information. The FTC also mandates that Facebook consent to periodic privacy audits for the next 20 years.

"I think this may help Facebook in the medium- and long-term," said Dan Olds, an analyst with The Gabriel Consulting Group. "It gives them a specific set of mandated privacy policies they have to adhere to, and that will cost them some time and money and maybe even limit their ability to make money on user data, sure.

"But -- and this is a big but -- as long as they adhere to these policies, they can now duck any outside criticism about their privacy policies by pointing to the FTC and saying, 'Hey, we're doing everything they've told us to do,'" Olds said.

However, in the short term, the settlement means that yet another spotlight is shining on the social network's privacy failings. That focus comes just as word spread that Facebook may only be months away from launching its initial public offering.

"In the short run, we might see Facebook's previous privacy problems discussed again, which isn't great publicity," Olds said. "But it will all be in the context of Facebook agreeing to the new FTC regulations, which puts a good face on it.... I don't think this will have a negative impact on Facebook's IPO."

He added that since the FTC rules basically don't change Facebook's business model, the federal regulations actually could make potential investors feel better about the company's sometimes cloud privacy stance.

"For some, this might help clear up doubts about the value of Facebook as many have been wondering if potential government action might put a big dent in their business," said Olds. "So with Facebook and the FTC agreeing to terms, that uncertainty has been resolved."

And Rob Enderle, an analyst with the Enderle Group, noted that if the FTC's actions result in Facebook learning a lesson about better protecting users' data, it could give the company a strong footing for moving forward and bringing in even more users.

"If they take this as the warning it should be..., they might actually turn this into a competitive advantage, given privacy concerns," he said. "It could actually help [Facebook] over time, if it results in either better behavior or the perception of more security with regard to personal information."

Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, on Google+ or subscribe to Sharon's RSS feed. Her e-mail address is sgaudin@computerworld.com.

Copyright © 2011 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)