Facebook recently announced Facebook Ads, an attempt to monetize the vast amount of user information that flows through the social networking site (something I warned about previously). Facebook Ads has three main components:
-
Social Ads: Allows marketers to target ads based on user profile data, and also places brand-related events within a user’s news feed. For example, if I rate or rent a video from Blockbuster.com, that off-site activity is noted in my Facebook mini-feed, along with an advertising message from Blockbuster.
- Beacon: Provides a way for Facebook users to declare themselves fans of a brand on other sites and send those endorsements to their Facebook feeds. This is the code that allows Facebook to display my brand interactions off-site. Victoria Secret can activate Beacon, and my purchases there can be displayed on my Facebook profile.
- Insights: Aggregation and visualization of marketing data that goes deep into social demographics and pyschographics which Facebook will provide to advertisers in an aggregated, anonymous way.
Together, these “enhancements” result in a dramatic shift in personal personal information flows. User data intended to enhance one’s social interaction on Facebook is now shared with marketers. And transactions on off-site properties now can flow into one’s social interactions.
Unfortunately, I have been much too busy to keep up with this story, let alone blog on it extensively. Thankfully, others have provided all the necessary insight regarding the multi-faceted privacy concerns implicit in Facebook’s new ad strategy.
(Links and analysis continue after the fold)
Fred Stutzman, naturally, has been all over the story. (If you’re interested in social networking, and not ready Fred’s blog, you’re missing out.) His initial reaction:
[H]ere’s my couple-sentence version: SocialAds = deep targeting using your profile and network data, Project Beacon = your friends (and Facebook) know when you buy stuff on other websites.
Facebook has fulfilled its destiny: it is now Adbook. The data you share in Facebook is incredibly rich. Marketers can target based on your interests (You like Dylan? Buy the box set.) or your friends interests (Seven of your friends love Crocs, buy some Crocs.). Take the internal data, and mash it with the external data collected from Beacon – and you’ve got some seriously powerful targeting information.
He warns that “Facebook must approach this new turn with caution, this is a critical moment.”
Stutzman follows-up with an excellent post comparing Facebook Ads to the News Feed debacle, where Facebook disrupted the norms of information flow by automatically distributing users’ profile updates to all of their friends. With Facebook Ads, our privacy boundaries are similarly challenged:
In the case of Newsfeed, Facebook users were forced to reconceptualize their audience. Nissenbaum’s Contextual Integrity theory explains our reaction to Newsfeeds; the reshaping of privacy norms is a traumatic event. Beacon is somewhat different, so I want to lean on Altman for my explanation. With Beacon, Facebook’s boundaries are remapped. Users will be forced to realize that their Facebook identity “follows” them through the web. As a result, Facebook users will be forced to reevaluate all of their activities on the social web.
…For the past six months or three years, we’ve been cultivating our persona in Facebook. We’re used to boundaries, we know where Facebook ends, and we can segment Facebook as a “part” of our social web experience. With Beacon, Facebook users will be forced to confront the interconnection of their Facebook identity with the social web; the boundaries that existed previously no longer apply. Altman argues that our cognition of privacy boundaries are based on observable, mappable phenomena. We know that our homes are private because people can’t see through walls. With Facebook Beacon, the walls that we used to understand are gone – our identity, designed for a single place with focused interaction, now follows us everywhere. This is extremely significant.
Stutzman has also sniffed some of the actual data flows present when using Beacon, as well as a link to instructions for blocking it.
Complimenting Stutzman’s important privacy analysis from a social/cultural perspective, there are important legal implications with Facebook Ads. Thankfully, Dan Solove at Concurring Opinions is on top of it. In particular, he questions whether Facebook has properly gained user consent to use their likeness in the Social Ads (note how the user’s profile image appears in the Social Ad included above):
What is deemed to be valid consent to appear in the ads? It seems as though Facebook might be assuming that if a person talks about a product, then he or she consents to being used in an advertisement for it. But such an assumption might be wrong, and the use of a person’s name or image in an advertisement without that person’s consent might constitute a violation of the appropriation of name or likeness tort.
According to the Restatement (Second) of Torts § 652C: “One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.”
To avoid violating this tort, Facebook should first ask a user, before using her name or likeness, for permission to do so in an advertisement. Otherwise, the user might have an appropriation claim. It is wrong to assume that just because a user visits a website or rates a product highly or speaks well of a product that the user wants to be featured in an ad.
Bill McGeveran continues this thread, noting how privacy law treats things differently when personal data is used for advertising purposes:
Privacy law, as it should, treats advertising uses differently from other uses. One of the four common-law privacy torts forbids “appropriation.” Specifically: “One who appropriates to his own use or benefit the name of likeness of another is subject to liability to the other for an invasion of his privacy.” (Restatement (Second) of Torts Section 652C) Even more significantly, several states including New York and California have statutory provisions that are similar. New York’s well-known statute creates both a misdemeanor and a civil cause of action for “[a]ny person whose name, portrait, picture, or voice is used within this state for advertising purposes or for the purposes of trade without the written consent first obtained.”
I don’t see how broad general consent to share one’s information translates into the specific written consent necessary for advertisers to use one’s name (and often picture) under this law.
…The famous 1902 case that led directly to adoption of the New York law (and eventually to the tort as well) involved a teenager whose picture was used without her consent on advertisements for flour. Look at the Facebook ads and see if they seem any different to you.
McGeveran expands on these, and similar, legal issues in a follow-up post, concluding:
There is so much power and promise in various embodiments of social networking. But the privacy issues involved are profound and I am concerned that this Social Ads innovation may indicate a cavalier attitude to consent and an incorrect presumption that social networkers don’t care about their privacy. They do, they should, and so should the companies seeking to harness the power of social networks for their own benefit.
Elsewhere, David Weinberger provides a key summary of how the default settings for Facebook Ads are transforming privacy norms by forcing users to acquiesce to the collection of personal data:
When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away … and a “yes” is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking “I’ll save myself the click.”
Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you’ve been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely.
And Nick Carr is, predictably, critical of the entire value proposition:
Facebook, which distinguished itself by being the anti-MySpace, is now determined to out-MySpace MySpace. It’s a nifty system: First you get your users to entrust their personal data to you, and then you not only sell that data to advertisers but you get the users to be the vector for the ads. And what do the users get in return? An animated Sprite Sips character to interact with.
Soon, I’ll have more time to properly grok the implications of Facebook Ads and post my own thoughts…
MichaelZimmer.org 
I’m concerned, maybe even paranoid, about my personal data and where it seems to be finding itself. Today it lives in the databases of banks, credit card companies and the government in it’s most detailed and intimate form. It lives in the databases of retailers, airlines and insurance companies as the gold which they mine daily. And it lives in the databases of online service providers.
The benefits I gain are the use, customization and discounting on their products and services. And that is the price that I now pay to partake in the conveniences of living today.
What is the logical conclusion of this gradual online striptease I am in? Will I be totally naked and exposed to the commercial elements? Or can I take a stand and protect my online persona? I’m trying here: http://www.realtea.net.