Snapchat, the “ephemeral” messaging service, agreed to settle FTC charges over claims that alleged it violated user privacy and deceived its customers. The company claimed that messages disappear entirely once viewed by the recipient, which they don’t, and collected user data such as location and address books without notice or consent.
The FTC charges followed a Snapchat security breach that leaked 4.6 million Snapchat usernames and phone numbers. According to the FTC, Snapchat made multiple representations to consumers that turned out to be utterly false. It also failed to properly safeguard its “Find Friends” feature—the one that led to the breach.
“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” FTC Chairwoman Edith Ramirez said in a statement. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
And The Punishment Is ... Nothing Much
Sounds pretty bad, right? But the price Snapchat has to pay for all this is, well, basically nothing. The FTC settlement forbids Snapchat from lying to consumers about the privacy and security of the application, and requires the company to implement a privacy program that will be independently monitored for the next two decades. (Assuming Snapchat lasts anywhere near that long, of course.)
As it turns out, the FTC couldn't have done much more at this point. In cases of this sort, the FTC has to give businesses one free pass where they don't have to pay a fine, but subjects them to further monitoring. If they violate their consent decree, they can then face fines. That's a problem in itself, but that's the system.
Because this is Snapchat's first offense, the startup which has raised $123 million to date, is getting off with a warning. The startup responded to the settlement with a "whoopsie" and a vague promise to be "more precise" in how it communicates with the Snapchat community. Even as apologies go, that leaves something to be desired.
If the messaging startup violates users' privacy again, it could end up like Google. In 2012, Google agreed to pay $22.5 million to settle with the FTC after it tracked Safari users who visited sites within Google’s advertising network, even though Google had told those users they would automatically be opted out of such tracking.
While $22.5 million is a drop in the bucket for Google, a multi-million dollar fine might have crimped the startup’s bid to become a mobile messaging giant.
Any company should be held accountable for their actions, whether a small startup or an industry giant like Google. Facebook, a company notorious for confusing privacy policies, settled its own $20 million lawsuit last year after a court determined its shady "Sponsored Stories" advertisements violated users' privacy.
The fact is, social media companies are way too cavalier about vacuuming up their users' data and offering too little in return. Now both small companies and tech giants alike can look to the Snapchat ruling for support in future cases—they got off easy the first time, now we can, too.
Update 2:00 PM: An earlier version of this article didn't acknowledge that the FTC can't levy fines for first offensive in deceptive practices. Thanks to Justin Brookman for pointing that out.
