Back in 2011, the Federal Trade Commission alleged that Facebook deceived consumers by failing to keep its promises to protect user privacy. The two parties agreed to settle the charges through something called an “agreement containing consent order.” The Commission also signed a consent agreement with Google that same year. The FTC issued a final Decision and Consent Order regarding the Facebook allegations in 2012. (A consent order is an FTC enforcement tool that operates like a legal settlement.) Without admitting to the complaint’s counts, the parties involved signed a document that basically says, “we both agree to enter this agreement to resolve the allegations in the complaint, so now you have to do the following things, and if you fail to do any of them, the FTC is going to impose financial penalties.”
Yesterday, reports surfaced that Facebook formed data-sharing partnerships with device makers, enabling companies like Amazon and Apple to access Facebook users’ and their friends’ data -- without those friends’ consent. Reports indicate that the shared data includes data pertaining to users who expressly denied Facebook permission to share their information with any third parties.
Today, the European Union’s General Data Protection Regulation goes into effect. The GDPR seeks to give European consumers control of their personal data in the digital era. It creates stringent rules for the collection, processing, and transfer of personal data of European residents. It also emphasizes the importance of explicit consent as a basis for data collection and processing, lists users’ rights, and encourages companies to adopt more privacy and security-oriented approaches to the collection and processing of personal data.
Today, Public Knowledge launched a new paper, “Even Under Kind Masters: A Proposal to Require that Dominant Platforms Accord Their Users Due Process.” This is part of our broader work involving dominant online platforms and privacy, cybersecurity, antitrust, and regulation.