Today, 24 July 2019, Facebook was fined US $5 billion by the FTC.

But more importantly, the company agreed to "new restrictions and a modified corporate structure that will hold the company accountable for decisions it makes about user privacy."


The list of restrictions and requirements is quite long, but if you are interested you can read the whole PDF here.

Below are the main points:

The exchange of non-public user information must be "clearly and visibly" disclosed and not concealed in privacy policies or similar legal documents. Facebook needs the consent of the users.

Facebook must ensure that the information cannot be accessed by third-party servers after a reasonable period of time, not exceeding thirty (30) days from the moment the user has deleted this information or has deleted or terminated their account.

In addition, Facebook must ensure that information deleted by users of the service is deleted from the company's servers within a reasonable time period not exceeding 120 days.

Phone numbers that Facebook users have added to their account for use in security, e.g. 2-factor authentication, should not be used by Facebook for advertising or shared with third parties.

Facebook may not assign to third-party apps, websites or services of user connections, records, or authentication codes.

Facebook should regularly perform automated scans to ensure that user passwords are not stored in plain text, and if any are found, it should encrypt or delete the data, or otherwise make it unreadable.

Facebook will have to delete any existing face recognition data within 90 days and will not be able to create new face recognition data unless it clearly discloses how it will use or share the data.

Facebook should "receive regular but also biennial evaluations" from "one or more qualified, objective and independent professionals who will be selected by the company itself but will be approved by the Independent Privacy Committee".

