Privacy Groups Take Facebook Quarrel to the Feds
If you have a Facebook account but haven't used it in a while, a lot more of your personal data may recently have become public. The social network overhauled its privacy policies, requiring users to set their preferences. If you haven't taken that step, certain data that used to be hidden may now be exposed by default.
Dec 18, 2009 9:17 AM PT
The Electronic Privacy Information Center, key privacy group, has filed a complaint with the Federal Trade Commission arguing that the privacy changes Facebook made a little more than a week ago were unfair and deceptive.
"We think this is the most important matter now before the FTC, and the reason is that Facebook has more than 100 million subscribers in the United States," Marc Rotenberg, EPIC's executive director, told the E-Commerce Times.
This is the latest development in a backlash against the social network that appears to be gaining momentum.
When Facebook implemented its privacy overhaul, it probably expected to encounter some resistance. After all, it was taking the unprecedented step of requiring 350 million or so users worldwide to review and update their privacy settings.
It seems safe to assume, however, that the reaction, in at least some quarters, has been more than it bargained for.
First, just a day after implementing its "transition tool," as it's called, user feedback prompted the social network to change the way it had originally handled the visibility of Friends lists on the site.
Then, criticisms appeared regarding the amount of personal information that had become available to third-party application developers.
Now, it's the FTC complaint.
Call for an Investigation
On Thursday, EPIC filed charges that Facebook's new privacy practices violate federal consumer protection law.
Far more user information has become publicly available as a result of the change, the group argues, as well as becoming more accessible to third-party developers.
EPIC urged the FTC to open an investigation into the changes, and to require that Facebook restore the privacy safeguards it had in place before the change pending its findings.
Among the groups supporting the complaint, according to EPIC, are the American Library Association, the Center for Digital Democracy, the Consumer Federation of America, FoolProof Financial Education, Patient Privacy Rights, Privacy Activism, the Privacy Rights Now Coalition, the Privacy Rights Clearinghouse and the U.S. Bill of Rights Foundation.
'Unfair and Misleading'
"Facebook chose to change everyone's privacy settings, and it's clear from users, bloggers, security experts and others that it really was unfair and misleading," EPIC's Rotenberg said. "What we found was that through this transition, Facebook had nudged the settings toward further disclosure."
Facebook had said that its transition process would preserve any current settings, "but they didn't show you what those were," Rotenberg noted. Furthermore, "the only option if you changed your current settings was to make information more widely available.
"We're not happy about where things are," he concluded. "Facebook can't ignore the 100 million U.S. consumers who are generally unhappy with these changes."
7 Data Elements Exposed
The biggest problem with the privacy overhaul "is that there are many people who open Facebook accounts that may not actively use them," Paul Stephens, director of policy advocacy with the Privacy Rights Clearinghouse, told the E-Commerce Times.
It's not just Facebook that suffers from such problems, Stephens pointed out -- "Facebook is the focus of the complaint just because of their size," he said.
Still, while it's expected that "there will be bumps in the road" as privacy policies are honed, "this was a pretty big one," he concluded.
Facebook discussed its privacy program with "many regulators, including the FTC, prior to launch," and it expects to continue to work with them in the future, company spokesperson Andrew Noyes said in a prepared statement.
"We've had productive discussions with dozens of organizations around the world about the recent changes and we're disappointed that EPIC has chosen to share their concerns with the FTC while refusing to talk to us about them," Noyes said.
Facebook's plan to provide users control over their privacy and how they share content is "unprecedented in the Internet age," he added, and "we have gone to great lengths to inform users about our platform changes."
'I Don't Endorse the Complaint'
It should be noted that not all privacy groups stand behind EPIC's complaint.
"I think Facebook did some things right, and I think there are some things that could be better," Larry Magid, codirector of ConnectSafely, told the E-Commerce Times. ConnectSafely is a member of the newly established Facebook Safety Advisory Board.
"I don't endorse the complaint," he added, "but it's good we're talking about it."
No Place for Government?
It's "great" that Facebook provided granular control over privacy, "terrific" that users can block who can see individual postings, and "I think it's historic that they got 350 million people to think about privacy for three minutes," Magid said.
Nevertheless, "I see no reason why any information needs to be mandatorily controlled," he added. "I also wish minors by default didn't have their Friends list exposed."
Either way, while it's good that EPIC has raised the issue, "I'm not sure the government needs to be involved," he concluded.
'There Are Benefits to Sharing'
Many privacy advocates would say that all data should be opt-in, "but that doesn't strike a balance with the fact that there are benefits to sharing," Szoka told the E-Commerce Times. "Unlike EPIC, I don't think sharing is a bad thing -- the trick is to do it in a way that empowers users with granular control over the things they really find sensitive."
'Like Deer in the Headlights'
Looking at the privacy issue from a higher level, "nobody can agree on what should be done," Szoka noted.
The solution offered by companies like Facebook, Google and Yahoo is to offer "privacy by design," he pointed out.
"If you jump on companies every time they announce a new privacy-by-design feature, you leave them like deer in the headlights," he warned. "They'll be terrified to move forward with anything."