As you may have noticed, we held a news conference this morning to announce further progress in our investigation into the privacy practices at Facebook. Our news release is now available, as is Facebook’s.
The changes proposed by Facebook will make it easier for users to make clear and informed decisions about how to share their personal information within the popular social networking site – and with whom.
Importantly, Facebook has announced that it will be making changes to its API. These changes will, effectively, force developers to acknowledge what pieces of information they would like to access in your profile, and why. The changes will also give each user the opportunity to deny an application access to that piece of information.
Here’s an excerpt from our news release:
Third-party Application Developers
Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”
Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information. The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.
This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.
As many have rightly pointed out, it seems contradictory to participate in a social network and to then attempt to restrict access to some or all of your personal information.
To us at the Office, users should have the chance to find out what information is being collected by the social networking site or a third party application, and for what reason. Third party applications have long been a concern to members of the privacy advocacy community, since they have had relatively free access to the information stored in your Facebook profile.
If you have any doubt about the extent of the access granted to apps, just take this handy quiz developed by the Northern California chapter of the ACLU – but make sure to delete the app once you’re finished! (Facebook has instructions for that )
Thankfully, Facebook has made it clear that they consider the privacy of their users to be a priority – and maybe even a competitive advantage in comparison to other social networks.
The changes announced today will take months to implement, but the Office will continue to monitor progress on this important issue.