Subscribe

Facebook privacy under scrutiny (again)

Kathryn McConnachie
By Kathryn McConnachie, Digital Media Editor at ITWeb.
Johannesburg, 15 Nov 2011

As Facebook nears a settlement with the Federal Trade Commission over privacy complaints, questions have been raised over what it could mean for users.

The complaint against Facebook by privacy advocacy groups stems from the changes the social network made to its privacy policy in 2009. At the time, certain profile information was automatically made public, despite users previously having control over who could see what on their profiles.

In essence, the claim also argues that users were misled by Facebook due to the complex nature of the site's privacy settings.

The settlement in the case is expected to result in Facebook being required to obtain explicit consent from users before making any retroactive changes to their privacy settings. In other words, any privacy changes will have to be opt-in rather than opt-out.

New media lawyer Paul Jacobson says looking ahead, this settlement will mean that Facebook will not be able to make unilateral changes to what a user shares with whom, and will have to respect their individual privacy choices.

“That said, the settlement will still allow Facebook to introduce new products and services going forward which may require particular sharing settings, and obtain your consent to those changes in some way. That may simply take the form of a consent in future versions of Facebook's privacy policy.”

Jacobson, however, notes the focus of the settlement remains on retroactive changes and won't determine how content may be shared going forward.

“This remains users' responsibility,” says Jacobson. “Users simply must familiarise themselves with Facebook's privacy controls and make informed choices about what they share and with whom.”

David vs Goliath

As the case comes to a close, Facebook's battles with privacy advocates are far from over.

This weekend it was reported that an Austrian law student, Max Schrems, has taken 22 complaints about Facebook's privacy policy to the Data Protection Commissioner in Ireland.

Schrems requested Facebook to provide him with all the records of personal data it had of him. He was presented with 1 222 pages of information, including messages, posts, photos and activities - some of which Schrems says he had deleted.

On his campaign Web site, Europe vs Facebook, it is said: “It is almost impossible for the user to really know what happens to his or her personal data when using Facebook. For example, 'removed' content is not really deleted by Facebook and it is often unclear what Facebook exactly does with our data.

“Users have to deal with vague and contradictory privacy policies and cannot fully estimate the consequences of using Facebook.”

Schrems says: “A company that constantly asks its customers to be as transparent as possible should be equally transparent when it comes to the use of its costumers' personal data.

“Transparency is not only a question of fairness, but it is also a principle of European data protection law. It is time that the biggest social network worldwide sticks to these legal principles.”

Serious implications

Jacobson says Schrems' complaints raise a number of concerns about the extent to which Facebook has complied with Europe's Data Protection Directives which establish a legal framework to protect European users' personal information and privacy rights.

“The Irish Data Commission is either about to, or is in the process of conducting an audit of Facebook's privacy practices, and we should learn whether Schrems' complaints are valid in due course, but what this crusade does highlight is users' responsibilities when sharing information and content on Facebook.”

According to Jacobson, Facebook's privacy policy is readable and extensive (about 17 pages long if reformatted at size 11 font with 1.5pt line spacing).

“The primary reason for the policy's length and Facebook's efforts to explain the policy and privacy settings in different ways is that using Facebook has serious implications for your privacy.

“The sharing controls have improved drastically over the last few years, culminating in a recent update which exposes publicity controls in every post.”

Data protection

In terms of the 1 222 pages of data in Facebook's archives about Schrems, Jacobson says the concerns lie with how much information is contained in the archives, how much information Facebook actually receives and stores, and how much information it actually releases upon request.

“Social media users are slowly coming to the realisation that these free services we flock to in the tens and hundreds of millions have a lot of information about us and which we supply to them,” says Jacobson.

“Facebook is a great example because of its sheer size. The upcoming Timeline feature will heighten that awareness as it exposes users' profile information and interaction going about as far back as they have been members, possibly even further back if users populate their profiles with historical biographical data. “

Timeline is the new profile design unveiled by Facebook at its F8 Developer Conference. The new design acts as a digital scrapbook, and brings to light all of a user's Facebook activity in chronological order. It is yet to be confirmed when the feature will be rolled out to all users.

The new social apps that accompany Timeline have, however, raised some eyebrows. Once a social app is activated, it can automatically post updates about the user's activities - such as songs listened to, articles read or videos watched.

Myth of privacy

Jacobson says we are heading to the point where privacy as secrecy is largely a myth on the social Web.

“If you are active on the social Web, emphasis shifts to the extent to which you have meaningful control over your personal information and this is where Facebook has historically been pretty bad.

“That said, Facebook's privacy controls and its data use policy have improved dramatically in the last four to five years. Facebook's anticipated deal with the FTC should firmly place control over users' profile information more in their hands than they have experienced in the past and that is a win for users.”

Jacobson warns that users need to remember that how well their privacy is protected is largely a result of the choices they make.

“If services like Facebook require more than users are comfortable sharing, then they should refrain from using those services.”

Take responsibility

Jacobson says Facebook may have violated the European privacy laws that Schrems argues it has, but “we will have to wait for the results of the commissioner's audit to make that determination”.

“We may also discover that Schrems' much publicised campaign amounts to little more than tilting at windmills.”

Facebook says it complies with the laws, and that it will make any required adjustments should the commissioner find otherwise.

“Hopefully this crusade will remind users just how much they share on services like Facebook and take a little more responsibility for that,” says Jacobson.

Facebook users can download an archive of the information stored on them from Facebook by visiting their account settings and selecting “Download a copy of your Facebook data”.

Share