Privacy and Data Security
RSS Feed Email Print
Share
View divider Overview divider Attorneys divider a-pvcblog.gif divider PDF Version
Practice Contacts
Liisa Thomas
T: +1 (312) 558-6149 | Email
Practice Areas
Advertising, Marketing & Privacy Law Practice
Advertising and Entertainment Disputes
Advertising & Promotions Counseling
Advertising & Promotions Transactions
Sweepstakes and Promotions
Privacy and Data Security
Consumer and Communications PrivacyData Breaches and SecurityEmployee and Workplace PrivacyFinancial PrivacyHeath Care Privacy and SecurityInternational Privacy and Cross-Border Data TransfersPrivacy Resources
Technology Transactions, Licensing, and Outsourcing
Copyright Litigation
Trademark Litigation
Resource Center
Canadian Office of the Privacy Commissioner California Office of Privacy Protection Children’s Advertising Review Unit Department of Commerce US/EU Safe Harbor Website Direct Marketing Association Corporate Responsibility Resource Center European Union Protection of Privacy Resources FTC Privacy and Security Legal Resources International Association of Privacy Professionals Mobile Marketing Association Self-Regulatory Program for Online Behavioral Advertising Word of Mouth Marketing Association
Topics
advertising   BCR   behavioral tracking   blogging   breach notification   CARU   children's privacy   cloud computing   collection of consumer information   communications privacy   consumer privacy   cookies   COPPA   data breach   data protection   data security   data sharing   data transfer   decision of adequacy   eavesdropping   ECPA   electronic communications   email   employee privacy   EU   FACT   financial privacy   FTC   health care   identity theft   international   invasion of privacy   membership programs   mobile   NLRB   online and consumer privacy   online behavior advertising   privacy training   retail privacy   robocalls   SCA   security   Shine the Light   social media   spyware   TCPA   telemarketing   telephone marketing   text messages   tracking and monitoring   transborder data flow   TSR   wiretap   workplace privacy  
Other Winston & Strawn Blogs
Advertising, Marketing & Privacy Law News Energy Industry Watch Executive Compensation Blog Maritime FedWatch Winston and the Legal Environment
PRIVACY LAW CORNER
Welcome to Winston & Strawn's Privacy Law Corner, a blog where we cover recent developments in privacy and data security laws. We strive to give you not just updates, but an analysis of what lessons you can learn from these new cases, and practical tips to implement those lessons for your company. Our blog is edited by Winston & Strawn partner Liisa Thomas, and features authors from across the firm. To learn more about any of the cases or issues covered, please don't hesitate to contact one of us or your regular Winston & Strawn contact. To subscribe to these updates, please see the RSS icon at the top right of the page. You can also follow us on Twitter at @WinstonPrivacy.
About the Bloggers
Blog Tools Recent Postings | All Postings | Power Search | Attorney Login
August 16, 2012
Facebook Settles Consumer Privacy Complaint with the FTC

The FTC announced it has accepted a final settlement and consent agreement with Facebook. This settlement resolves the FTC's complaint that Facebook deceived consumers by telling them they could keep their information on Facebook private, yet allegedly allowing information to nevertheless be shared and made public. As part of the settlement, Facebook must give consumers "clear and prominent notice and [obtain] their express consent before sharing their information beyond their privacy settings." This consumer notice must be separate and apart from any "privacy policy," "data use policy," or other similar document. The notice must address (1) the categories of user information that will be disclosed to third parties, (2) the identity or categories of such third parties, and (3) the fact that the sharing exceeds the user's privacy settings. The order further requires Facebook to maintain a comprehensive privacy program to protect consumer information, and to allow an independent third party to audit their privacy programs every two years. The order extends until July 27, 2032, or 20 years from the most recent federal or FTC complaint alleging a violation of the order.

Tip: Keep in mind that the FTC will look not only at statements in privacy policies, but also direct, on-screen statements. Companies should thus make sure that those statements are clear and accurate. This case suggests that the FTC is particularly concerned about how user information is made public.



Caroline A. Wenzke ; Liisa M. Thomas
Email comments to the authors