In the Matter of Facebook, Inc. 2011 WL 6092532
|Mark Zuckerberg sweating through that interview, pre FTC privacy case.|
Eventually the FTC investigated Facebook, and the two entered into a consent order late in 2011.
First, the Facebook agreed to not misrepresent any information concerning privacy or security settings of users, including a) the collection of information, b) the extent to which a consumer could control that information, c) the extent that information was sold to third parties, d) the steps Facebook had taken to verify the security of third parties with access to the information, e) the extent to which the information was available after an account was deleted and f) the extent to which Facebook complied with various government issued privacy guidelines.
Facebook was ordered to clearly state in a separate user agreement the privacy and information collection settings, and obtain users express consent before collecting any private information. Like the Twitter case, Facebook also was required to designate an employee and set up a monitoring and auditing program to assess the new privacy controls and features. Facebook is also required to submit reports to the FTC discussing the implementation and success of such a program.
Since Facebook agreed to this consent order, they must have a method for implementing this requirement. This is good news for users who decide to remove information. Ideally, it would instantly be inaccessible to a third party, but even within the 30 day time limit is an extra level of assurance. It should still be noted that this doesn't necessarily mean Facebook cannot access the information, but it is a step in the right direction.