Stutzman’s Suggestions for Facebook to Properly Address User Rights

Fred Stutzman has an excellent post on the recent Facebook terms of service kerfuffle, including his prescription for what Facebook must do to properly address user rights:

First, Facebook should place a reasonable lifespan (eighteen to twenty-four months) on information users identify as important.  Facebook should delete my pictures within two years from the time I remove my account.  Simple as that.  Second, Facebook should work with a few policy and ethics organization to create a Facebook code of information ethics.  A few members of this organization would comprise an external board that could review and approve that new features are in-line with the code of ethics.  Finally, Facebook should hire an ombudsman.  The ombudsman should be hired for a contractually-tenured period and be given a blog on a third-party server.

I fully agree, and would add another simple thing Facebook can do to improve communication and increase transparency with its users: Rather than announce changes to its terms of service (or privacy policy) on a largely unread blog, place a notice on the top of every users profile announcing the change.

Whenever Wikipedia has something important to announce that affects the entire community, a notice is placed at the top of one’s watchlist page (screenshot), which remains until you dismiss it. My local paper, the Milwaukee Journal Sentinel, changed its privacy policy on January 13, 2009, and it still has a notice at the top of every page prompting readers to read the new policy (screenshot). Facebook did decide to provide a notice on users’ home pages announcing the reversion to the old terms of service (screenshot), but after one day, it was removed. Even Google has decided to provide an archive of past privacy policies so users can compare and see what has changed over time.

If Facebook plans to stick to its promise that “users will have a lot of input” in fashioning the next version of its terms of service, it will need to work hard at improving both communication and transparency. And, if Facebook really wants to its terms to “reflect the principles and values of the people using the service,” it would be wise to consider Stutzman’s suggestions.

:: UPDATE ::   Speaking of better ways to communicate with users when terms of service change, I just received this e-mail from Alamo announcing changes to its privacy policy. Notice they reached out to users directly, outlined the changes, and warned users to not visit the site unless they agree to these new terms.

Facebook, are you listening?


  1. I just can’t believe they went back on their TOS change. People are dumb if they think they are getting any privacy from Facebook or Myspace. All they are doing is voluntarily supplying valuable info to huge marketing mills. Although there are ways to communicate with privacy: anonymous sites like

  2. I agree with the first, though i think they should give the right to completely delete to users. I do not agree with the second, it isn’t their place to set a code of information ethics, they might set terms of use, but otherwise, the norms and ethics already exist and are massively plural and people should not be asked to conform to a silicon alley reinterpretation. Just like I wouldn’t want Amazon to tell me that, no i should not accept goods, then revert payment and not return the goods, i don’t want facebook telling me or other people similar things. That is sort of like going into a classroom and saying, ‘for my class’ i want you all to bring in sleeping bags and night clothes, and I won’t teach unless you are all in sleeping bags and night clothes. The norms and ethics already exist that preclude that. That is why I think they do need an ombudsman.

  3. Jeremy, my intention was actually create a code of ethics for the company, not the users – very much like an IRB. The outside board would construct a code of ethical practices and ensure that Facebook conforms to the code. I agree that setting a code of ethics for users is a fool’s errand – they are normative and attempting to set such a code on a global scale would be impossible.

    Michael, thanks for the pointer. I really do hope that Facebook considers something along these lines. They are not unreasonable (if my local newspaper has an Ombudsman, then certainly a company that represents 175 million users should), and I think they would be an excellent step forward for the company.

  4. I suspect that the company already has a code of ethics, it does not account for your nor my interests completely, but does likely account for most of theirs, including information ethics. I also think that the ‘outside board’ creating ethics for a company is much like Monsanto coming into my classroom and telling me what to do about biologically engineered corn. They know much more about the corn, they likely know significantly the ethics around the corn, but they don’t really have the perspective to make my classroom successful about the topic. This is not to say that i don’t think people, namely users, should make claims against the norms of the company, because they should, but those users are not stakeholders, the stakeholders are the investors, and the company is bound, usually legally, to pursue the best interests of the investors, and should those coincide with the users, that is grand, but i suspect that they don’t. If an outside board, not my investors suggested something like an irb to a facebook like company that i ran, my answer would be ‘no thank you, we appreciate your interest and commitment to our service, but we find that such an institution, much like it does in academia, hinders the progress of our work in ways that would remove possibilities of strategic action, which while is fine for academia, would not be fine for a company, thank you, have a nice day’

    If you want such a code of ethics, there is only one way of doing it really… and that is through legislation. You’ll find that if any given state adds ethics that are seen as burdensome without benefit, then the corporations just take their tax-base and leave and go to a state without that burden. So this has to be done nationally, but first thing that would probably happen is that someone would sue because information is a commodity and these ‘codes of information ethics’ if improperly formed as actually ethical would certainly be a restraint on trade that likely wouldn’t be constitutional for some interpretations of the commerce clause and understandings of federalism. We need proper privacy laws in this country, and we need all corporations to be bound by those laws. But while, I’m sure the idea of encouraging corporate citizenship is a good thing, it is just a very hard thing to do in neoliberal capitalism.

  5. While I appreciate your perspective, Jeremy, I’m not ready to give up on “values in design” or “corporate social responsibility” or related attempts to infuse ethics into both the boardroom and engineering design rooms.

    (That said, Noemi Manders-Huits and I have an article coming out soon outlining that challenges of mixing “ethical intelligence” with “business intelligence”)

  6. I can’t really disagree with Jeremy, and this is the challenge when talking pure ethics. It would be impossible to force/compel/enjoinder Facebook to comply with a set of ethical guidelines. So pure, theoretical ethics are out the window. But I’m not sure that doesn’t mean the company and an outside board couldn’t make steps towards better ethical conditions for the users. Perhaps it would end up just being window dressing. At the same time, in the current political climate corporate governance is just that – see the SEC, etc. A question – would users care more if a company broke a code of ethics, or the law? The Exxon boycott, for example, had arguably more to do with the fact it had broken an unspoken normative and ethical code of responsibility than any law (which it had broken many). In the context of global technology and a mass audience, does the state reasonably wield power (yes, but..). Interesting thoughts.

    This brings me back to a question I wish I had raised in my post. Do we actually have any sort of claim over “our information” as created in a third party? If we speak in a real-world public, we can’t reasonably ask individuals to unhear us. Why do we expect the same in a digital public? It seems like this is a fundamental part of the question, yet I haven’t seen anyone address it.

  7. @Michael Zimmer
    I’d say that a properly run business ‘ethical intelligence’ is ‘business intelligence’ and to assert otherwise is going to take a fair amount of transnational research. Now surely ethicists and business analysts define them differently, but in practice they are necessarily the same thing because both paradigms are seeking the good for the community.

    I personally think that, csr and values in design are not really trying to put ethics into places. it is more that they are trying to redefine the goals of the people trying to act ethically, trying to redefine the community those people’s ethics serve and i had a third one, but ehh, it slipped when i was editing. It is the ‘insider/outsider’ dialectic and the tendency of communities to, in the face of being challenged, strengthen their current standpoints, even if they aren’t good ones that has undermined csr. The assumption that there isn’t an ethics there is also very demeaning, so we need to be careful about that and we should assume, I think, that people are trying to do the right and good thing for their community(as they define it), that they actually are ethical and not normative nihilists like ivory tower folks*joke.

    I thin we do have a claim to our identity as a claim of the right to our body, from which rights of our mind, like rights of conscience, privacy, etc. derive. (granted… i don’t think there are rights really, but it is a handy shorthand). I don’t think this is a ‘do not hear’ us, but we do have norms there too. In the U.S.(as it varies culturally) we have a wide variety of body signals that allow us to indicate private conversations are occurring and others should not intervene, and we use those in public spaces. However, that doesn’t mean other people don’t hear, what it indicates to other people is that we don’t want them to hear. so there is a ‘claim’ there, and kindness tends to respect it.

    as for companies breaking the law…. i think we have a real social problem in relation to law breaking in that i don’t think most people care, and if they do, they lack the capacity to sustain that care unless a direct harm has been done to them. people don’t seem to have the passion for punishment and retribution that one finds in other cultures, and we have even less of a passion for rehabilitation(which is the saddest part). Don’t get me wrong, i think people empathize with those who have crimes perpetrated against them… but the news and other media tends to turn it into a drama, and i think that when it turns from people to stories about people, a little switch turns off and we feel unobliged or our obligation fades faster over time.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s