Facebook privacy promises: what are they worth?
p2pnet news view Advertising | P2P:- It’s Big News that, thanks to the determination of CIPPIC (Canadian Internet Policy and Public Interest Clinic) students whose research revealed Fa$ebook’s privacy practices were largely a figment of imagination and PR BS, and the subsequent follow-up investigation by Canada’s privacy commissioner, Fa$ebook has been forced to make concessions about how it handles users’ personal information.
However, it complained some of the changes it’s agreed to are so amazingly techically difficult to implement that it needs time to make adjustments. So it now has a year to make them happen.
And this is being lauded as a triumph for Canada.
Fa$ebook is a hard-core advertising company dressed up as a ’social network’.
Information on users — the more in-depth-and-personal the better — greases its wheels and it’s been battling with them for years over who owns their private data and what it can to with it, coming up with one supposed ’solution’ after another.
For a small sample, check out:
- Facebook sued in California
- New ‘Keep Fa$ebook honest’ user group
- Facebook: still trying to snow users
- Latest Facebook advertising ploy
- This weekend: world-wide Facebook boycott
Meanwhile, although there is no doubt this is a victory of sorts, one can nonetheless safely assume much of the year Fa$ebook has been given will be devoted to trying to find ‘legal’ ways of getting around the commitments founder Mark Zuckerman (right) and his spinsters and sophists made to privacy commissioner Jennifer Stoddart.
So what promises has it made? In summary, they are »»»
1. Third-party Application Developers
Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”
Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information. The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.
This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.
2. Deactivation of Accounts
Issue: Facebook provides confusing information about the distinction between account deactivation – whereby personal information is held in digital storage – and deletion – whereby personal information is actually erased from Facebook servers. As well, Facebook should implement a retention policy under which the personal information of users who have deactivated their accounts will be deleted from the site’s servers after a reasonable length of time.
Response: Facebook has agreed to make it clear to users that they have the option of either deactivating their account or deleting their account. This distinction will be explained in Facebook’s privacy policy and users will receive a notice about the delete option during the deactivation process.
While we asked for a retention policy, we looked at the issue again and considered what Facebook was proposing. We determined the company’s approach – providing clarity about the options, offering a clear choice, and alleviating the confusion – is acceptable because it will allow users to make informed decisions about how their personal information is to be handled.
3. Personal Information of Non-users
Issue: Facebook should better protect the privacy of non-users who are invited to join the site.
Response: Facebook agreed to include more information in its terms of use statement. Facebook confirmed that it does not use email addresses to track the success of its invitation feature, nor does it maintain a separate email address list for this purpose.
4. Accounts of Deceased Users
Issue: People should have a better way to provide meaningful consent to have their account “memorialized” after their death. As such, Facebook should be clear in its privacy policy that it will keep a user’s profile online after death so that friends can post comments and pay tribute.
Response: Facebook agreed to change the wording in its privacy policy to explain what will happen in the event of a user’s death.
Stay tuned.
First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi
forced to make concessions – Facebook toes Canadian privacy line, August 27, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
