Facebook’s 2011 FTC Consent Order
- Court Approves FTC-Facebook Deal, But Says Data Protection Laws Need Updating: Despite objections from EPIC and other consumer groups, a federal judge has approved the Federal Trade Commission’s settlement with Facebook over the company’s alleged violations of the 2012 consent decree and the FTC Act. The court called Facebook’s alleged conduct “stunning,” “unscrupulous,” “shocking,” and “underhanded,” and even stated that it “might well have fashioned different remedies were it doing so out of whole cloth.” The court nevertheless approved the deal because of the “deferential” standard it felt bound to apply, but the court warned that, should the FTC accuse Facebook of further violations of the law, the court “may not apply quite the same deference to the terms of a proposed resolution.” EPIC had moved to intervene in the case and filed an amicus brief arguing that the deal imposes “few new obligations on the company that would limit the collection and use of personal data, nor will there be any significant changes in business practices.” The court denied EPIC’s motion to intervene but acknowledged that EPIC’s arguments as amicus “call into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information.” (Apr. 24, 2020)
- EPIC Uncovers 3,156 More Facebook Complaints at FTC—Over 29,000 Now Pending: Through a Freedom of Information Act Request, EPIC has obtained thousands of new consumer complaints (part 1, part 2)against Facebook. The most recent documents, released to EPIC, follow the Commission’s proposed $5 b settlement in July. Among the complaints uncovered by EPIC are those from consumer groups and members of Congress. EPIC also obtained records of new complaints in the FTC’s Consumer Sentinel database. EPIC earlier uncovered 26,000 complaints against Facebook since the announcement of the 2011 consent order. EPIC is formally challenging the proposed settlement with Facebook, charging that the Commission has failed to investigate thousands of complaints against the company. (Sep. 22, 2019)
- EPIC Pursues Intervention in FTC Facebook Case (Aug. 12, 2019) +
- EPIC Challenges FTC-Facebook Settlement, Asks Court to Hear from Privacy Groups (Jul. 26, 2019) +
- BREAKING - FTC Issues Facebook Fine, EPIC - "Too little, too late." (Jul. 24, 2019) +
- Court Rules D.C. Attorney General's Lawsuit Against Facebook Will Proceed (Jun. 3, 2019) +
- Facebook Anticipates $3B-$5B Fine (Apr. 26, 2019) +
- Senator Blumenthal Calls on FTC to Unwind Big Tech Mergers (Mar. 7, 2019) +
- EPIC, Open Markets, Civil Rights Groups Press FTC on Facebook Consent Order (Jan. 23, 2019) +
- Senators Urge FTC to Act Against Facebook (Jan. 18, 2019) +
- In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites (Dec. 7, 2018) +
- Facebook's Response to Congress Provides More Evidence of Consent Order Violations (Jul. 2, 2018) +
- EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices (Jun. 27, 2018) +
- US Consumer Groups Urge FTC To Examine 'Deceived by Design' Practices (Jun. 27, 2018) +
- At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order (Jun. 19, 2018) +
- EPIC Urges Senate Committee to Focus on Consent Order with Facebook (Jun. 19, 2018) +
- Facebook Overrode Users’ Privacy Settings And Allowed Device Makers To Access Personal Data (Jun. 5, 2018) +
- EPIC Obtains Partial Release of 2017 Facebook Audit (Apr. 20, 2018) +
- Senator Blumenthal Calls On FTC To Enforce Consent Order Against Facebook (Apr. 20, 2018) +
- EPIC Urges Senate to Focus on FTC Consent Order with Facebook (Apr. 9, 2018) +
- UPDATE - EPIC, Consumer Groups Urge FTC to Investigate Facebook's Use of Facial Recognition (Apr. 6, 2018) +
- EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook's Use of Facial Recognition (Apr. 5, 2018) +
- State AGs Launch Facebook Investigation (Mar. 26, 2018) +
- FTC Confirms Investigation Into Facebook about 2011 Consent Order (Mar. 26, 2018) +
- EPIC FOIAs FTC, Seeks Facebook's Privacy Assessments (Mar. 20, 2018) +
- EPIC, Consumer Groups Urge FTC To Investigate Facebook (Mar. 20, 2018) +
- Facebook "Breach" Highlights Failure of FTC to Enforce Consent Orders (Mar. 19, 2018) +
- EPIC Offers Recommendations for Future of FTC Ahead of Senate Hearing on Nominees (Feb. 13, 2018) +
- EPIC Calls for Greater FTC Enforcement (Sep. 28, 2017) +
- EPIC Urges Public Comments on FTC Settlement with Uber (Sep. 6, 2017) +
- Following EPIC Complaint, Uber Agrees To Stop Tracking Riders (Aug. 29, 2017) +
- After EPIC Privacy Complaint, Uber Settles with FTC (Aug. 15, 2017) +
- Rep. Blackburn Proposes Online Privacy Bill, Would Preempt Stronger State Protections (May. 19, 2017) +
- EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act (Aug. 29, 2016) +
- With New Policy Changes, Facebook Tracks Users Across the Web (Feb. 4, 2015) +
- Facebook Responds to EPIC Complaint About "Emotions Study" (Oct. 2, 2014) +
- European Facebook Users Privacy Lawsuit Moves Forward (Aug. 26, 2014) +
- Following EPIC Complaint, Senator Seeks Investigation of Facebook User Manipulation Study (Jul. 17, 2014) +
- EPIC Challenges Facebook's Manipulation of Users, Files FTC Complaint (Jul. 3, 2014) +
- EPIC Urges FTC to Protect Snapchat Users' Privacy (Jun. 10, 2014) +
- Federal Trade Commission Urges Court to Protect Student Privacy (May. 29, 2014) +
- EU Court Rules Google Must Respect Right to Delete Links (May. 13, 2014) +
- EPIC's Snapchat Privacy Complaint Results in 20-Year FTC Consent Order (May. 8, 2014) +
- FTC Responds to EPIC Complaint on WhatsApp and Privacy (Apr. 10, 2014) +
- Federal Trade Commission Backs Users in Facebook Privacy Case (Mar. 21, 2014) +
- WhatsApp Founder Responds to EPIC Privacy Complaint (Mar. 18, 2014) +
- EPIC Urges FTC Investigation of WhatsApp Sale to Facebook (Mar. 6, 2014) +
- EPIC Files Amicus Brief in Facebook Consumer Privacy Case, Urges Rejection of Settlement (Feb. 21, 2014) +
- Instagram Retreats on Changes to Terms of Service, Cites User Opposition (Dec. 21, 2012) +
- Facebook Updates Privacy Controls, Removes Profiles Safeguard (Dec. 13, 2012) +
- Judge Rejects Settlement in Facebook "Sponsored Stories" Case (Aug. 21, 2012) +
- FTC Finalizes Settlement with Facebook (Aug. 10, 2012) +
- Judge Skeptical of Facebook Settlement (Aug. 3, 2012) +
- Facebook Timeline Changes User Privacy Settings. Again. (Dec. 15, 2011) +
- Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint (Nov. 29, 2011) +
- FTC Releases Agenda for Facial Recognition Workshop (Nov. 22, 2011) +
- WSJ: Facebook Close to Settlement with FTC over EPIC Complaint (Nov. 10, 2011) +
- Sen. Rockefeller Requests FTC Report on Facial Recognition Technology (Oct. 20, 2011) +
- Facebook Makes Some Changes, Privacy Complaints Still Pending (Aug. 29, 2011) +
- Facebook Makes Changes to Facial Recognition; Still Relying on Opt-Out (Jul. 27, 2011) +
- Congressman Markey Commends EPIC, Privacy Groups for Filing Facebook Complaint (Jun. 14, 2011) +
- EPIC Files Complaint, Urges Investigation of Facebook's Facial Recognition Techniques (Jun. 10, 2011) +
- Facebook Resumes Plan to Disclose User Home Addresses and Mobile Phone Numbers (Mar. 2, 2011) +
- Congressman Barton and Markey Challenge Facebook on Disclosure of Home Addresses, Mobile Phone Numbers (Feb. 2, 2011) +
- Facebook Drops Plan to Disclose Users' Home Addresses and Personal Phone Numbers (Jan. 18, 2011) +
- Congressmen Question Facebook About Latest Privacy Breach (Oct. 20, 2010) +
- Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users (Aug. 19, 2010) +
- Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers (Jun. 24, 2010) +
- Congress Pursues Investigation of Google and Facebook's Business Practices (Jun. 1, 2010) +
- Facebook Expected to Announce Privacy Changes (May. 25, 2010) +
- New Facebook Privacy Complaint Filed with Trade Commission (May. 5, 2010) +
- Senators Oppose Facebook Changes, Schumer Urges Trade Commission to Regulate Social Network Services (Apr. 27, 2010) +
- EPIC’s Facebook Complaint of "particular interest" to FTC (Jan. 19, 2010) +
- Privacy Groups File Amended Complaint regarding Facebook (Jan. 14, 2010) +
- EPIC Seeks Facebook Communications Detailing Privacy Changes (Dec. 29, 2009) +
- EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission (Dec. 17, 2009) +
- Facebook Asks Users to Review Privacy Settings, Recommends Privacy Options, Questions Remain (Dec. 9, 2009) +
More top news
2004: Mark Zuckerberg starts Facebook as a social networking site for Harvard Undergraduates
2006: Facebook launches "News Feed," which allowed Facebook to post information directly to a user's page. Within 24 hours, hundreds of thousands of the site's users protested, prompting Mark Zuckerberg to write an open letter to Facebook users apologizing for doing a "bad job of explaining what the new features were and an even worse job of giving you control of them." Facebook then updated its privacy settings to allow for more user control over the News Feed Feature.
2007: Facebook launches Facebook Beacon, a program that broadcast users' private online purchases on their friends' News Feeds. Users were given no advance warning of the program and could not opt out. As a result of widespread criticism, Facebook shut down Beacon in 2009.
June 11, 2008: EPIC President Marc Rotenberg testifies before Congress on social network privacy:
Users of social networking sites are also exposed to the information collection practices of third party social networking applications. On Facebook, installing applications grants this third party application provider access to nearly all of a user's information. Significantly, third party applications do not only access the information about a given user that has added the application. Applications by default get access to much of the information about that user's friends and network members that the user can see.
February 4, 2009: Facebook changes its Terms of Service. The revised TOS allow Facebook to use anything a user uploads to the site for any purpose, at any time, even after the user ceased to use Facebook. Further, the TOS did not provide for a way that users could completely close their account. Rather, users could "deactivate" their account, but all the information would be retained by Facebook, rather than deleted. EPIC plans to file a complaint with the FTC alleging that the new TOS violated the FTC Act.
February 18, 2009: On the eve of EPIC's FTC complaint, Facebook backs down on its revised TOS, announcing that it will restore the original TOS.
December 17, 2009: EPIC and consumer organizations file a complaint with the FTC alleging that Facebook's privacy practices were unfair and deceptive. The complaint warns that Facebook granted third party apps unrestricted access to user data without users' knowledge or consent.
July 29, 2010: EPIC urges Congress to strengthen privacy laws for Facebook users. In prepared testimony, EPIC President Marc Rotenberg urged lawmakers to update federal law to protect the privacy of Facebook users, explaining that Facebook's constant changes to its privacy settings have made it virtually impossible for users to control who gets access to their information.
September 29, 2011: EPIC writes a letter to the FTC urging it to stop Facebook from using cookies to secretly track Internet users "even after they have logged off of Facebook."
November 29, 2011: Facebook settles FTC charges that it deceived consumers by failing to keep privacy promises. The FTC issued an eight-count complaint against Facebook alleging unfair and deceptive practices by Facebook:
- In December 2009, Facebook changed its website so certain information that users may have designated as private - such as their Friends List - was made public. They didn't warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data - data the apps didn't need.
- Facebook told users they could restrict sharing of data to limited audiences - for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a "Verified Apps" program & claimed it certified the security of participating apps. It didn't.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.
Under the proposed FTC Order, Facebook was:
- barred from making misrepresentations about the privacy or security of consumers' personal information;
- required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
In its announcement of the settlement, the FTC noted that "Facebook's privacy practices were the subject of complaints filed with the FTC by the Electronic Privacy Information Center and a coalition of consumer groups."
December 27, 2011: EPIC's comments urge the FTC to strengthen the proposed order. Specifically, EPIC's recommended that the FTC require Facebook to:
- Allow users to access all of the data that Facebook keeps about them;
- Cease creating facial recognition profiles without users' affirmative consent;
- Make Facebook's privacy audits publicly available to the greatest extent possible;
- Cease secret post-log out tracking of users across websites.
In a separate letter, EPIC also asked the Commission to determine whether Facebook's Timeline, which made archived and inaccessible information widely available without the consent of the user, was consistent with the terms of the Order.
August 10, 2012: The FTC adopts a Final Order against Facebook without any modifications.
2012 - 2018: The FTC never charges Facebook with a single violation of the Consent Order despite numerous complaints.
March 20, 2018: EPIC and consumer groups urge the FTC to investigate Facebook following revelations that Facebook permitted the disclosure of 87 million user records to the controversial political data mining firm Cambridge Analytica.
March 26, 2018: The FTC confirms an investigation into Facebook.
July 24, 2019: The FTC announces a proposed settlement to end its investigation into Facebook. This was the first fine against Facebook since EPIC and a coalition of privacy organizations filed a complaint with the Commission about the company’s businesses practices back in 2009. The FTC fined Facebook $5 billion, but required no meaningful changes to the business practices that violate user privacy.
July 26, 2019: EPIC files a Motion to Intervene in United States v. Facebook to protect the interests of Facebook users.
- EPIC FTC Complaint In re Facebook (filed Dec. 17, 2009)
- EPIC FTC Supplemental Complaint In re Facebook (filed Jan. 14, 2010)
- FTC Complaint In the Matter of Facebook, Inc., FTC File No. 092 3184 (Nov. 29, 2011).
- FTC Press Release Announcing Proposed Consent Order (Nov. 29, 2011).
- FTC Analysis of Proposed Consent Order to Aid in Public Comment
- EPIC Comments on Proposed Consent Order (Dec. 27, 2011).
- EPIC Letter to the FTC Concerning Facebook Timeline (Dec. 27, 2011)
- FTC Decision and Order (Aug. 10, 2012)
- EPIC Letter to FTC Urging Investigation into Facebook (Mar. 20, 2018)
- EPIC FOIA Request to FTC Requesting All Consumer Complaints Made During Consent Order (Mar. 13, 2019)
- EPIC FOIA Request to FTC Requesting Records About FTC Associate Director of Enforcement James A. Kohm after the FTC Issued the 2011 Consent Order (May 29, 2019)
- Records of Director Kohm's Meeting Regarding Facebook (July 9, 2019)
- EPIC FOIA Request to FTC Requesting the Proposed Settlement with Facebook, Including Dissenting Opinions (July 15, 2019)
- Complaint for Civil Penalties, Injunction, and Other Relief (July 30, 2019)
- Plaintiff's Consent Motion for Entry of the Stipulated Order (July 30, 2019)
- Statement of Chairman Joe Simons and Commissioner's Noah Phillips and Christine Wilson (July 30, 2019)
- Dissenting Statement of Commissioner Rohit Chopra (July 30, 2019)
- Dissenting Statement of Commissioner Rebecca Slaughter (July 30, 2019)
- EPIC FOIA Request to FTC Requesting All Consumer Complaints Made During Consent Order Until After the Proposed Settlement with Facebook (July 25, 2019)
- Complaints, Request for Investigation, and Similar "Complaint-Like" Records Made by Third Parties to the FTC (part 1, part 2) (Sept. 20, 2019)
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.