Facebook Privacy Policy Goes Under Microscope Again

Privacy continues to be a touchy issue for Facebook, as some minor changes the company made to the language in the terms of service -- including changing the title from privacy policy to data use policy --are drawing scrutiny from regulators and analysts.

Privacy continues to be a touchy issue for Facebook, as some minor changes the company made to the language in the terms of service — including changing the title from privacy policy to data use policy –are drawing scrutiny from regulators and analysts.
Facebook Spokesman Barry Schnitt told CNET, “We’re just making the terms consistent,” speaking of the switch from privacy policy to data use policy.
He said the social network also implemented some minor wording changes strictly for clarification, such as specifying that users’ data are shared with applications their friends use, which has been true for five years.
Schnitt continued:

Facebook is a social website, and so is our platform. Apps need data from friends to develop these social experiences, and that is the whole purpose for our platform.

If you’re not comfortable with that bargain, you can use your app settings to control what friends can share about you, block individual apps, or you can turn off the platform altogether.

References to non-Facebook users drew the ire of officials in Germany, who accused the social network of “comprehensive tracking of registered and unregistered users.”
This issue arose, according to CNET, because Facebook added the phrase, “and non-users who interact with Facebook,” to a section about not tagging users without their consent.
Moritz Karg, spokesman for the data privacy and information freedom authority in Hamburg, told CNET that Facebook, and not individual users, should be responsible for blocking tagging of users who do not wish to be tagged. Schnitt replied:

If you don’t want someone to be able to tag you, simply block them. If you’re tagged by someone else and want to remove it, we make that easy. We also created an easy way to complain directly to the user about a photo you don’t like.

Sarah Downey, a privacy analyst and attorney at online privacy company Abine, went one step further, telling CNET Facebook tracks non-Facebook users via JavaScript code that collects IP addresses, sites visited, and other data when they click the like button on websites.
She added:

I don’t think people realize that if you go to a non-Facebook site, the like button can track you, even if you don’t click on it. They consider you interacting with it if you’re merely viewing the page.

Rumor is that post-IPO, Facebook will try to launch its own ad network. So this tracking across the web on non-Facebook sites suggests that. Facebook is a data-collection machine, and that’s how they make their money.

Another complaint from Germany involved the fact that Facebook didn’t give users enough time to respond to the changes, notifying them one week ago via its Facebook site governance page and only allowing comments until 5 p.m. Pacific Time yesterday, to which Schnitt replied:

Rather than simply imposing changes on users, we propose them and invite feedback. We are the only site that I know of that proposes changes, solicits feedback, answers questions, and makes changes before the documents are official.

The bottom line: Privacy has been and remains a touchy subject, and anything that resembles a change to Facebook’s policy will draw excessive scrutiny.
Once the company goes public, it will be forced to be more transparent, and perhaps that may quell some of the concerns of regulators and users.
While we’re on the subject, here is the list of privacy measures Facebook promised in a detailed December audit to the Office of the Irish Data Protection Commissioner to implement during the first quarter of this year:

  1. Facebook will begin phasing in the ability for users to delete friend requests, pokes, tags, posts, and messages on a per-item basis, with the hopes of showing demonstrable progress by a review in July.
  2. Facebook will move the option to exercise control over social ads to users’ privacy settings from account settings, in order to improve accessibility and knowledge of the ability to block or control ads users do not wish to see again.
  3. Facebook will provide users with information on what happens to deleted or removed content, such as friend requests received, pokes, groups, and tags.
  4. Facebook will work with the DPC to simplify explanations of the data-use policy, identify a mechanism for users to choose how their personal data are used, and provide easier accessibility and prominence of these policies during and subsequent to registration, including the use of test-groups of users and non-users.
  5. Facebook will clarify its data-use policy to ensure full transparency.
  6. Facebook will provide additional information on how log-in activity from different browsers across different machines and devices is recorded in its revised data-use policy.
  7. Facebook agreed that it will no longer be possible for a user to be recorded as a member of a group without that user’s consent. Users will not be recorded as members until they accept invitations, and they will be able to easily leave groups.
  8. Facebook will work toward reviewing alternatives to mobile transmission of user data, as well as educating users about the fact that their details are transmitted in plain text when they synch their contact information from mobile devices.
  9. Even though it should be obvious to users that their synchronized data still exists after synching is disabled, Facebook will add text to that effect .
  10. Facebook immediately geo-blocked the major European Union domains so that messages from pages could not be sent to the vast majority of the social network’s EU users and nonusers, and will further refine information and warnings for businesses using the ability to upload up to 5,000 contact email addresses for page contact purposes.
  11. Facebook will add information to its policy clarifying that it acts as a data controller and information generated by use of Facebook Credits is linked to users’ accounts. The social network will also launch a privacy policy for its payments systems in approximately six months.

david.cohen@adweek.com David Cohen is editor of Adweek's Social Pro Daily.