Facebook is a very valuable tool. But its effort to harness more of its member data–and cloak it as a “privacy” approach–illustrates how out of touch Facebook is with the fundamental concept of personal privacy. That’s why the FTC and EU Privacy commissioners have to step in and act as Facebook’s true “privacy wizard.“ Left on its own, with its business interests driving Facebook to make our information available to them and their business partners, the privacy of 100 million US users (and even more globally) are at risk. Facebook cavalier approach that your “name, gender, current city, networks, Friend List and Pages” is considered by them “publicly available information” illustrates this. Facebook has framed these changes as beneficial to users, claiming that its “new, simplified privacy settings giver you more control over the information you share.”  Classic PR doublespeak with a Silicon Valley accent.
We have raised concerns about Facebook in the past–especially with Beacon and also with the third party apps (my CDD played a leading role providing information on the data collected by third party applications to the leading Canadian privacy group).  I asked Facebook officials to brief me and other privacy groups on the recent changes: that briefing was on Wednesday. I wanted Facebook to explain how its new privacy approach allowed its users to control data mined by Facebook and its third party developers used for interactive advertising and marketing. I was so appalled by what Facebook officials said at that meeting that, after some additional research into Facebook’s plans, my Center for Digital Democracy decided to join with EPIC and others in a complaint to the Federal Trade Commission.
I was flabbergasted to hear Facebook officials claim that its new changes actually reflected “Fair Information Principles” for privacy. That in their view the concept of privacy has “evolved,” with users wanting to share all their information via what they call the “social graf.” Facebook officials said that only a few people (implying privacy advocates) wanted to have control over their information. That they didn’t consider allowing users to control the data collected on them for marketing and advertising purposes as part of a privacy regime. Data used for advertising–even to Minors–is considered outside of what a person should be able to control, in Facebook’s view.  They also suggested that those who didn’t appreciate what they called its privacy “permission” model were out of step.
Nothing was said by Facebook officials about the company’s real motivations for expanding its access to its user data (as if business reasons had nothing to do with Facebook’s approach to member privacy!). As InsideFacebook recently explained, “Last week, Facebook launched a major initiative geared towards getting users to share more information more openly…However, while many people don’t want to share much information publicly online today, some do. For those people, Facebook’s historical default privacy settings did not make it the right product for them. As a result, Facebook recognized that its default-private model made it vulnerable to other services with default-public models, like Twitter…Facebook’s decision to make the recommended privacy options for profile data like “Family and Relationships†and “Posts I Create†be set to “Everyone†– as well as its move to remove privacy controls for Gender, Current City, and Friends – were pretty aggressive by almost anyone’s standards. In particular, its decision to present users with a binary choice between “Everyone†and “Old Settings†for some privacy preferences was especially confusingly executed…Facebook isn’t satisfied with a mostly-private platform: it wants to be the single place where both sensitive personal information is shared and public memes spread…Facebook has shown, as recently as a few months ago with its launch of the “real-time†stream as the default News Feed, followed by its decision a few months later to go back to the algorithmic News Feed, that it is capable of making suboptimal product decisions due to intense feelings about services like Twitter…”
Relevant too are Facebook’s plans to enable its third party developers to gain access to more of its member data, including their email addresses. As Facebook explains on its “Roadmap” for developers, “We’re excited to announce that you will soon have the ability to ask users for their primary Facebook email addresses, providing you with a direct channel to communicate with your users.” At our briefing, Facebook officials said they were soon addressing third party apps and their access to data. But given Facebook’s failure to protect basic user privacy, we have serious doubts it will deal with data access by its developers.
CDD will be working to educate the FTC, EU privacy officials and others. Facebook is consciously devaluing the notion of privacy for its own interests. How Facebook deals with user data–including what is used for advertising–will be on the policy agenda. The complaint from EPIC, Consumer Federation of America, Privacy Rights Clearinghouse, CDD and others opens the door for a serious examination of Facebook’s data collection practices.
