Snapchat settles FTC charges over deceptive privacy practices

Snapchat settles FTC charges over deceptive privacy practices

Summary: The FTC case alleged that Snapchat deceived consumers about the amount of personal data it collected and the breadth of security practices in place to protect that data from unauthorized use or disclosure.

SHARE:

Snapchat and the Federal Trade Commission have reached a settlement in charges lodged against the social networking site and its representation of user privacy.

The FTC case alleged that Snapchat deceived consumers about the amount of personal data it collected and the breadth of security practices in place to protect that data from unauthorized use or disclosure. The stinging allegations go even further in the realm of misrepresentation to charge Snapchat with representing its site's security in a manner that stood in stark contrast to how the app actually worked. 

The case also alleged Snapchat failed to secure its Find Friends feature, which resulted in hackers exploiting a security weakness to compile a database of 4.6 million Snapchat usernames and phone numbers.

Beyond those two points, the FTC had a laundry list of complaints against Snapchat. They sum up like this:

  • Snapchat claimed "snaps" were ephemeral and would be disappear forever after the sender's designated time period. According to the FTC, third party apps enabled made it quite easy to save snaps indefinitely.
  • Snapchat stored video snaps unencrypted on the recipient’s device in a location outside the app's "sandbox," meaning that the videos remained accessible to recipients who simply connected their device to a computer and accessed the video messages through the device's file directory.
  • Snapchat deceptively told its users that the sender would be notified if a recipient took a screenshot of a snap, however a recipient using an Apple device with an OS pre-dating iOS 7 could evade the app's screenshot detection, without the sender knowing.
  • Snapchat transmitted geolocation information from users of its Android app, despite saying in its privacy policy that it did not track or access such information.      

FTC Chairwoman Edith Ramirez said in a statement:

If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.

Under the terms of the settlement with the FTC, Snapchat will be prohibited from misrepresenting how it maintains the privacy, security and confidentially of user information. In addition, the company will also be required to start a sweeping privacy program that will be independently monitored for the next 20 years. Any non-compliance with the agreement could result in stiff fines.

The FTC said the settlement is part of its ongoing effort to hold app makers to the privacy agreements they make with users. 

Topics: Mobility, Privacy, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Snapchat and Youth

    The young owner of Snapchat turned down offers of $4 BILLION DOLLARS from Facebook and $3 BILLION DOLLARS from Google. This reminds me of the film "Dumb & Dumber". Too bad the FTC couldn't shut them down completely...for being IDIOTS!
    RenoLasvegas
    • Stupidity is not a crime

      It's not even illegal. It it were, a lot of us would have done significant jail time.
      John L. Ries
  • What the article doesn't say...

    ...is whether Snapchat actually admitted any wrongdoing. It's stated a number of times that federal agencies shouldn't be allowed to settle with a defendant without an admission of guilt from the latter sufficient to justify the sanctions to be imposed. Otherwise, the defendant can claim he's the innocent victim of extortion (maybe even with some justice).

    It's interesting that federal criminal defendants are required to confess to what they actually did if they plead guilty to protect innocent defendants from being pressured into pleading guilty. Given how often federal agencies file civil charges (which can be very expensive to fight and even more expensive to lose), I think civil defendants should get the same protection (that, and if the feds lose either a civil or a criminal case, they should be required to pay the defendant's legal bills, up to the amount they paid their own lawyers).
    John L. Ries
    • I don't think most civil defendants want that protection.

      At least not the big ones. Judging by the number of Wall Street firms that have paid fines for the '09 meltdown, but "do not admit to any wrong doing".
      anothercanuck
      • They should have it nevertheless

        It's also called "excuse elimination" or "martyrdom prevention". We don't need crooked businesspeople to assert their victimhood because the feds caught them doing something illegal.
        John L. Ries
      • Out of idle curiosity...

        What's the rule in Canada, or is there one?
        John L. Ries