Facebook’s tactical retreat on privacy

At first glance, Facebook appears to have conceded quite a lot of ground to the Federal Trade Commission in the agreement it negotiated with the agency over its handling of user data. Among other things, the social network will now be required to obtain users’ affirmative express consent before making changes to the platform that override the user’s privacy settings. It will be barred from making false representations about the privacy and security of user data; it must establish and maintain a comprehensive privacy program; and, perhaps most significant, it must submit to an independent privacy audit every two years for the next 20 years. Taken together, the new measures have the potential to constrain significantly Facebook’s ability to provide marketers with the sort of fine-grained ad-targeting data that could support premium ad prices, as well as the social network’s strategy of making content and information sharing by its users as seamless and friction-free as possible.

In reality, Facebook had little choice but to cut a deal with the FTC. But the deal it cut could end up paying dividends in the future. Apart from the every-two-year privacy audits, Facebook in all probability did not agree to implement any procedures it wasn’t already going to face significant pressure to implement — not from any U.S. authority but instead from the European Union.