27 Aug 2009

Privacy and Facebook

As you may have noticed, we held a news conference this morning to announce further progress in our investigation into the privacy practices at Facebook. Our news release is now available, as is Facebook’s.

The changes proposed by Facebook will make it easier for users to make clear and informed decisions about how to share their personal information within the popular social networking site – and with whom.

Importantly, Facebook has announced that it will be making changes to its API. These changes will, effectively, force developers to acknowledge what pieces of information they would like to access in your profile, and why. The changes will also give each user the opportunity to deny an application access to that piece of information.

Here’s an excerpt from our news release:

Third-party Application Developers

Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”

Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information.  The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.

This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.

As many have rightly pointed out, it seems contradictory to participate in a social network and to then attempt to restrict access to some or all of your personal information.

To us at the Office, users should have the chance to find out what information is being collected by the social networking site or a third party application, and for what reason. Third party applications have long been a concern to members of the privacy advocacy community, since they have had relatively free access to the information stored in your Facebook profile.

If you have any doubt about the extent of the access granted to apps, just take this handy quiz developed by the Northern California chapter of the ACLU – but make sure to delete the app once you’re finished! (Facebook has instructions for that )

Thankfully, Facebook has made it clear that they consider the privacy of their users to be a priority – and maybe even a competitive advantage in comparison to other social networks.

The changes announced today will take months to implement, but the Office will continue to monitor progress on this important issue.

7 Responses

ACLU of Northern California Says:

Want to understand what this all means and how to change your Facebook privacy settings now to better protect your personal information? Check out the ACLU of Northern California Facebook Privacy Quiz at http://apps.facebook.com/aclunc_privacy_quiz/

More info at our blog at http://www.aclunc.org/techblog.

FaintFuzzies.ca » Blog Archive » Privacy In The Age Of Social Networking Says:

[…] by Jesse Brown, Canada may become the first country to make some parts of Facebook illegal.   The Office of the Privacy Commissioner is looking into where Facebook and/or the apps that are use in it transgres Canadian privacy law.  […]

Milan Says:

Normally, I am in favour of mechanisms to protect privacy and sympathetic to the fact that technology makes that harder to achieve. Facebook, I think, is different. As with a personal site, everything being posted is being intentionally put into the public domain. Those who think they have privacy on Facebook are being deluded and those who act as though information posted there is private are being foolish. The company should be more open about both facts, but I think they are within their rights to distribute or even sell the information they are collecting.

The best advice for Facebook users is to keep the information posted trivial, and maintain the awareness that whatever finds its way online is likely to remain in someone’s records forever.

Jose Says:

Facebook is a great tool, but is must be used carefully

Zak Muscovitch Says:

The intervention of the Privacy Commissioner was of course groundbreaking in that it represents a public interest in otherwise private social networks. This issue raises a larger question, and that is whether social networks, aka online communities, have reached a point where they serve an important public interest and users expect certain rights as members aka citizens of such communities. Is it time for a Charter of Rights for members of social networks? I wrote a small opinion piece on the subject here: http://dnattorney.com/2009/09/facebook-takedowns.html#links

Phil Says:

According to this:
http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly , you can’t opt out of the “sharing” of your information with Facebook apps (and also the information of your friends). It seems like things may have gotten worse, not better. Many bloggers and commentators are upset about this. See for example http://calacanis.com/2009/12/13/is-facebook-unethical-clueless-or-unlucky/

Kim Taylor Says:

On December 9th, Facebook launched its new privacy features. In many ways, I feel that I had much more control over my privacy under the old platform. I am a PC Security Specialist so had no problem using the old privacy settings but I understand how other users did. I don’t use the apps though due to their third party developer policy. It seems that FB has now provided a one size fits all solution leaving many users exposed with some default settings. For example, it is now possible in many instances to view personal info of friends of friends and they are probably totally unaware. Many users are also being indexed by search engines without realizing it. You use to be able to customize the viewing of your friends list but now have very limited control over this. It appears more info is now publicly available. I’m not saying that sharing isn’t good as long as you have some control over who you share with. We don’t want a Twitter style platform which is mostly self-promoting and impersonal. We want to be able to share fun things with our friends not the entire Internet community nor identity thieves. I think that you should look into these new privacy settings. Here’s a great article on the changes: http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly

Leave a Reply

If you wish to leave a reply, you will be asked to provide your name and e-mail address. Your e-mail address is required for the purposes of limiting spam and contacting you should we have questions about your comment.

To learn more about why this information is collected and how it will be used, please read our Blog Comment Policy.