Alongside a $5 billion fine, the US government just imposed a bunch of restrictions on what Facebook can and can't do: Here's the full list

1. "Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook's platform policies or fail to justify their need for specific user data."

2. "Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising."

The second regulation directly concerns users inputting their personal phone number into Facebook for so-called "two-factor" authentication. This type of security requires users to receive either a text message or phone call with a unique numerical code before they're allowed to access their Facebook account.

That phone number is being explicitly given for a security reason, and thus Facebook is being required to not use this data for financial gain (such as advertising).

3. "Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users."

The third regulation pertains specifically to Facebook's ability to recognize faces from photos uploaded to the social media network, and forces Facebook to alert users when facial recognition software is being used.

4. "Facebook must establish, implement, and maintain a comprehensive data security program."

The fourth regulation is broad — Facebook is required to "establish, implement, and maintain" an oversight committee.

"Just as we have an audit committee of our board to oversee our financial controls, we'll set up a new privacy committee of our board that will oversee our privacy program," Facebook CEO Mark Zuckerberg said on Facebook on Wednesday. "To implement this, we'll have to review our technical systems to document any privacy risks and how we're handling them. Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we'll have to document any risks and the steps we're taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work."

5. "Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext."

The fifth regulation directly concerns how Facebook stores passwords: the company is now required to keep them encrypted. This is a measure of internal and external security, so that Facebook employees can't see user passwords and so that hackers can't retrieve passwords stored without encryption.

This is a standard practice for any company operating a service with users who use passwords.

6. "Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services."

One major component of Facebook is verifying the identity of its users, and one way to do that is by using a third-party service that has already verified a person's identity. But that's far more banal than Facebook asking for the login information used on third-party services, like Google.

As such, the sixth and final regulation imposed on Facebook by the FTC on Wednesday specifically involves Facebook not being allowed to ask for that login information.
