Snapchat settled with the Established in 1914 under President Woodrow Wilson, the FTC is the United States government’s primary regulatory authority in the area of consumer protection and anti-competitive business practices in the marketplace. Its Bureau of Consumer Protection assumes the lead in the Commission’s efforts to eliminate deceptive advertising and fraudulent business practices at work in the economy. last week over charges that it deceived users when it advertised that photos would “disappear forever.” Clever Snapchatters were able to save pictures with workarounds, many of which Snapchat itself knew about, claimed the FTC. It also charged that the company misleadingly promised it did not track or access a user’s location specific information and that it collected information, without initially informing users, on all the contacts in the user’s mobile device address book.
Under terms of the settlement, Snapchat is barred from misrepresenting the extent to which it protects privacy, and it must establish a privacy program that will be monitored by a third party for 20 years.
But the photo-sharing app’s settlement isn’t the first by a social media company, and if the settlement terms sounds familiar, it’s because they are. Almost every big player in the social media world has settled with the FTC at some point over privacy issues, and most agreed to halt misrepresenting privacy protection and to establish a privacy program for 20 years. Here’s five social media companies who have also settled with the FTC.
Myspace
The deed: The FTC charged that Myspace was providing advertisers information on its users despite pledging to users not to share personally identifiable information. The company gave advertisers access to users Myspace ID, which often allowed advertisers to match Myspace navigation (what users were looking at on the site) with their full names. The sides settled in 2012.
The punishment: Myspace is barred from making privacy misrepresentations, had to implement a comprehensive privacy program, and submit to regular, independent privacy assessments for 20 years.
Twitter
The deed: The FTC charged that Twitter — despite its privacy policy stating otherwise –did not properly safeguard its users’ data and put their privacy at risk. The FTC’s complaint alleged that hackers were twice able to gain administrative control over the website and access all its users’ data. The sides settled in 2011.
The punishment: Twitter is barred from misleading consumers about the extent of its privacy safeguards for 20 years. It also had to maintain a comprehensive security program assessed by an independent auditor for ten years.
Google
The deed: The FTC charged that Google had tracked users of Apple’s Safari browser with cookies, despite telling users they would be protected by the browser’s default settings. According to the complaint, Google circumvented the do-not-track setting to target users with ads. The sides settled in 2012.
The penalty: A big one — Google agreed to pay a $22.5 million fine for violating a previous settlement with the FTC. In 2011, Google had agreed to the standard “stop making misrepresentations and implement a privacy program for 20 years” plan for alleged privacy violations in the rollout of its Google Buzz social network. Because Google had violated a previous settlement, it agreed to the record fine.
Facebook
The deed: The FTC charged that Facebook had repeatedly told users they could keep their information private on Facebook, only to repeatedly make it public without users’ consent. The sides settled in 2012.
The penalty: Facebook must give its users notice before sharing their information, and obtain consent before sharing the information beyond their Controls available on many social networking and other websites that you can set to limit who can access your profile and what information visitors can see. Facebook also must maintain a privacy program and obtain biennial privacy audits from a third party for … drumroll … 20 years. Facebook continues to face criticism from consumer advocates that it is violating the FTC order because of recent privacy changes it has made as a result of a class-action lawsuit.
Path
The deed: Path’s privacy policy told users that its app only collected certain user information, such as IP address and browser type. But the FTC charged that Path was really collecting information about the contacts in users’ address books — including names, addresses, phone numbers, email address, Facebook and Twitter account info, and dates of birth — every time users downloaded or opened the app. Path also allegedly collected information about children under 13 without getting their parents’ permission. The sides settled in 2013.
The penalty: Path agreed to pay $800,000 to settle the charges that it collected information on children. It also agreed to establish a privacy program and obtain privacy assessments every two years for the next 20 years.