SAN FRANCISCO — Government regulators are sharing some alarming information about Facebook: They believe the online social network has often misled its more than 800 million users about the sanctity of their personal information.
The unflattering portrait of Facebook’s privacy practices emerged Tuesday in a Federal Trade Commission complaint alleging that Facebook exposed details about users’ lives without getting legally required consent. In some cases, the FTC charged, Facebook allowed potentially sensitive details to be passed along to advertisers and software developers prowling for customers.
To avoid further legal wrangling, Facebook agreed to submit to government audits of its privacy practices every other year for the next two decades. The company committed to getting explicit approval from its users — a process known as “opting in” — before changing their privacy controls.
The FTC’s truce with Facebook, along with previous settlements with Google and Twitter, is helping to establish more ground rules for online privacy expectations even as Internet companies regularly vacuum up insights about their audiences in an effort to sell more advertising.
Although Facebook didn’t acknowledge any wrongdoing in the legal papers it signed with the FTC, Facebook co-founder and CEO Mark Zuckerberg was more contrite in a blog post Tuesday.
“I’m the first to admit that we’ve made a bunch of mistakes,” Zuckerberg wrote. “In particular, I think that a small number of high-profile mistakes … have often overshadowed much of the good work we’ve done.”
Facebook has overcome its missteps in the past to emerge as the world’s largest social network and one of the Internet’s most influential companies since Zuckerberg created the website in his Harvard University dorm room in 2004.
No website has been as successful as Facebook at getting people to voluntarily share intimate details about themselves. Zuckerberg has emerged as the Internet’s chief evangelist for sharing, partly because he believes it can help make the world a better place by making it easier for people to stay connected with the things and people that they care about.
Facebook also is trying to make money by mining the personal information that it collects to help customize ads and aim the messages at people most likely to buy the products and services being promoted.
That strategy has been working well as Facebook prepares to sell its stock in an initial public offering that’s expected next year.
The company’s revenue this year is expected to approach $4.3 billion, according to research firm eMarketer, up from $777 million in 2009. The rapid growth is expected to make Facebook the biggest Internet IPO in history, topping Google’s stock market debut in 2004.
The FTC’s 19-page complaint casts a glaring spotlight on how Facebook has approached its users’ rights to privacy at a time that it is facing tougher competition from Internet search leader Google Inc., which has attracted more than 40 million users to a social service called Plus just five months after its debut.
Google tried to lure people away from Facebook with a system that made it easier to guard their personal information. Facebook has responded by introducing more granular privacy settings.
The FTC cracked down on Google eight months ago for alleged privacy abuses that occurred last year when the company attempted to plant a social network called Buzz within its widely used Gmail service. Like Facebook, Google agreed to improve its privacy practices and submit to external audits for the next 20 years.
Twitter, the online short-messaging service, also struck a settlement with the FTC in June 2010 to resolve charges that it didn’t do enough to protect users’ accounts from computer hackers.
Much of the FTC’s complaint against Facebook centers on a series of changes that the company made to its privacy controls in late 2009. The revisions automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield the content. Among other things, people’s profile pictures, lists of online friends and political views were suddenly available for the world to see, the FTC alleged.
The complaint also charges that Facebook shared its users’ personal information with third-party advertisers from September 2008 through May 2010 despite several public assurances from company officials that it wasn’t passing the data along for marketing purposes.
Facebook believes that happened only in limited instances, generally when users clicked on ads that appeared on their personal profile pages. Most of Facebook’s users click on ads when they are on their “Wall” — a section that highlights their friends’ posts — or while visiting someone else’s profile page.
The FTC also alleged that Facebook displayed personal photos even after users deleted them from their accounts.
Facebook’s agreement with the FTC requires the company to obey privacy laws or face fines of $16,000 per day for each violation.
“Facebook’s innovation does not have to come at the expense of consumer privacy,” FTC Chairman Jon Leibowitz. “The FTC action will ensure it will not.”
The FTC’s commissioners unanimously approved the agreement with Facebook. The FTC is accepting public comments through Dec. 30 before deciding whether to finalize the settlement.
Facebook’s stepped-up commitment to privacy wasn’t enough to satisfy Jeff Chester, executive director for the Center for Digital Democracy, one of the privacy watchdog groups that prodded the FTC investigation. In a statement, Chester called on Zuckerberg and Facebook’s board of directors to resign so that the company could hire more trustworthy replacements.
“They misled consumers and should pay a price beyond a 20-year agreement to conduct their business practices in a more above-board fashion,” Chester said.
Facebook sought to downplay the gravity of the FTC’s allegations, maintaining that it had already addressed most of the privacy complaints. Zuckerberg said the website has added more than 20 new privacy features in the past 18 months.
To underscore its commitment, Facebook has created two new executive positions — Michael Richter as chief privacy officer of products and Erin Egan as chief privacy officer of policy.
“This means we’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it,” Zuckerberg wrote in his blog post.