A few months ago, it was Google in regulators’ crosshairs. In the past couple of weeks, however, it seems that Facebook is regulators’ new focus, as they push for consumer data protection.
Facebook is close to a settlement with the U.S. government over charges that it misled users about its use of their personal information, according to The Wall Street Journal. The settlement — currently waiting for Federal Trade Commission (FTC) approval — reportedly would require Facebook to submit privacy audits for 20 years and to obtain users’ consent before making “material retroactive changes” to its privacy policies.
The report comes as the FTC and other global regulators continue their consumer data protection efforts. In March, Google agreed to adopt a privacy program (which also included 20 years of privacy audits) in response to charges that it deceived users and potentially violated user privacy when it launched the social networking service Buzz. And today the FTC announced that the Asia-Pacific Economic Cooperation forum has approved an initiative to create cross-border data privacy protection among APEC members. Companies that wish to participate in the APEC privacy system will undergo a third-party review and certification process that will examine their corporate privacy practices.
The New York Times reported last week that the European justice commissioner is planning to insert wording into a revision of the European Commission’s Data Protection Directive law that would require non-European Union companies to abide by Europe’s rules on data collection or face fines and prosecution. The move could create a global commerce dispute surrounding Internet privacy, the Times reported. Facebook is also being examined by Ireland, Germany, Sweden, Finland, Norway and Denmark for potential violations of consumer data protection regulations.
In the U.K., there was another noteworthy consumer data protection news item from the past couple of weeks: The U.K. Parliament’s Justice Select Committee has suggested jail terms for violations of the country’s Data Protection Act. Although fines are used to punish breaches of U.K. data protection laws, they provide little deterrent when the financial gain exceeds the penalty, Sir Alan Beith, the committee’s chairman, said in a recent report. “Magistrates and judges need to be able to hand out custodial sentences when serious misuses of personal information come to light,” he added. “Parliament has provided that power, but ministers have not yet brought it into force — they must do so.”
Although it seems Facebook is the prime target in these consumer data protection inquiries, perhaps it’s being used as a very high-profile example. If companies see their own vulnerabilities in the lapses of one with seemingly endless resources, they might start taking a long look at their own consumer data protection practices. They probably will soon have to anyway, as regulators increase their vigilance.