A story today on NPR’s Morning Edition news program focused on the controversy surrounding Facebook’s recent privacy upgrade downgrade: “Groups Complain To FTC About Facebook Changes.”
My discussion with the reporter, Martin Kaste, covered most of the issues raised in my various posts on the issue:
- How some of the new user controls represent a new paradigm for privacy within Facebook, but come into conflict with the Laws of Social Networking;
- How Facebook should be applauded for giving users (some) new control over the information they share, as well as for prompting users to re-visit their privacy settings;
- But, that Facebook’s execution was flawed (again);
- And that much of what changed with this privacy transition actually went against providing users more control over their information;
- And how much of Facebook’s actions confirmed my 3rd law of social networking, which states “Provide some privacy controls, but make it hard.”
Unsurprisingly (and understandably), my 20-minute interview was cut down to two 10-second soundbites. But I was more than pleased to share airtime with EPIC’s Marc Rotenberg and EFF’s Kevin Bankston, who provided valuable insights to this issue.
Also featured in the story was Tim Sparapani, a former American Civil Liberties Union privacy lawyer who was recently hired as Facebook’s new director of public policy. Sparapani expressed his surprise that so many advocates — like myself — were critical of Facebook’s actions. He states:
“Notice, choice, access by users, transparency about what’s happening with data, and control given to users of their data held by companies. We believe that we have actually managed to make those things operational.”
While I can understand his frustration, Sparapani is only partially correct in this portrayal of Facebook’s actions. Consider each of these claims:
- Notice: Yes, Facebook should be applauded for giving users notice of the changes, including prompts to re-visit their privacy settings.
- Choice: While Facebook’s “transition tool” did provide users with a choice on how to set their new privacy settings, the choice was not completely unbiased. Generally, users could select between “Everyone” and “Old settings”. What the old settings were wasn’t readily discernible. And there are numerous settings between these two poles that were not readily provided to users. That’s not a complete choice. Further, users actually lost the ability to choose the visibility settings for certain critical pieces of personal information, such as their name, profile picture, current city, gender, networks, and the pages that they are a “fan” of. Clearly, that change was a conscious restriction of user choice.
- Access by users: I’m not sure what Sparapani precisely means by this. Users didn’t gain any new access to any new privacy settings (other than individual settings for status updates, which is nice). Users didn’t gain any new access to the information Facebook (or 3rd party apps) are storing about them (such as outlined in the Fair Information Practice Principles).
- Transparency: Again, there was little new here with respect to transparency. Facebook’s privacy policy remains unchanged regarding how information might be processed, and users still largely have no idea what 3rd party apps do with their data. True understanding of where our data is going remains opaque, at best.
- Control: As noted, while users gained control over the visibility of their status updates, they lost control over the visibility of other personal information. To me, this is clearly a net loss in terms of user control.
I can sympathize with Sparapani. We’ve sat on the same side of the table critiquing another company’s privacy policies, and now he’s entered into a challenging position and is trying to defend his company’s actions. But for all the positive impact Facebook’s new privacy paradigm might have, it is overshadowed by the negative consequences felt by over 300 million users.