Snapchat Settles With FTC After Being Dishonest With Users About Privacy

Snapchat has entered into a consent decree with the FTC to address concerns over the company’s privacy policy, app description, and in-app notifications after the ephemeral messaging service was at the center of a huge data breach last year, exposing 4.6 million usernames and phone numbers.

According to the FTC, the security breach was in direct contradiction to promises made by the service around security and disappearing messages.

FTC Chairwoman Edith Ramirez had this to say:

Snapchat’s failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers.”

If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.

Snapchat co-founder Evan Spiegel has always been up-front about the fact that Snapchat pictures, while ephemeral, are relatively easy to capture and save, whether by taking a photo with another camera, screencapping it, or through more deceptive means. However, the description of the app on the App Store and within the company’s privacy policy didn’t necessarily make that crystal clear.

This comes in response to a complaint filed by the Electronic Privacy Information Center last year.

Here’s what Snapchat had to say in an official blog post on the matter:

When we started building Snapchat, we were focused on developing a unique, fast, and fun way to communicate with photos. We learned a lot during those early days. One of the ways we learned was by making mistakes, acknowledging them, and fixing them.

While we were focused on building, some things didn’t get the attention they could have. One of those was being more precise with how we communicated with the Snapchat community. This morning we entered into a consent decree with the FTC that addresses concerns raised by the commission. Even before today’s consent decree was announced, we had resolved most of those concerns over the past year by improving the wording of our privacy policy, app description, and in-app just-in-time notifications. And we continue to invest heavily in security and countermeasures to prevent abuse.

We are devoted to promoting user privacy and giving Snapchatters control over how and with whom they communicate. That’s something we’ve always taken seriously, and always will.

Following Snapchat’s big data leak, the company came under fire for not responding to warnings made by security researchers and experts who had found a way to access Snapchat’s user data. Hopefully Snapchat has learned a lesson about being honest with its users, growing and keeping their trust, and protecting their information.

Re/Code reports that the FTC settlement prohibits Snapchat from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.” It also requires that Snapchat re-draft its privacy program, as well as undergo independent monitoring for the next 20 years.