Furthermore, the order establishes an independent privacy committee of Facebook’s Board of Directors. The committee will end the autonomous control of Facebook CEO Mark Zuckerberg over decisions related to users’ privacy.
It requires the social medial giant to appoint compliance officers responsible for its privacy program. The Board of Director’s independent privacy committee will be responsible for the approval or removal of a compliance officer. Zuckerberg and the compliance officers must submit quarterly certifications that Facebook is in compliance with the mandated privacy program.
Moreover, the order strengthens external oversight of Facebook. It improves the ability of the independent third-party assessor to evaluate the effectiveness of Facebook’s privacy program and to determine any gaps.
Additional privacy requirements
The order also requires Facebook to do the following:
- Exercise greater oversight over third-party apps, including by terminating app developers that fail to certify that they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data;
- Not to use obtained telephone numbers to enable a security feature (e.g., two-factor authentication) for advertising;
- Provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users;
- Establish, implement, and maintain a comprehensive data security program;
- Encrypt user passwords and regularly scan to detect whether any passwords are stored in plain text; and
- Not to ask email passwords to other services when consumers sign up for its services.
