Facebook Changes Privacy Policy to Appease Canadians

Facebook Changes Privacy Policy to Appease Canadians

September 17, 2009
Originally published in The Washington Examiner

Facebook made headlines late last month when it overhauled its privacy policy, which governs the site's practices regarding user data. The move followed months of saber-rattling by the Jennifer Stoddart, the Privacy Commissioner of Canada, who recently threatened to take legal action against Facebook for what she characterized as "serious privacy gaps in the way the site operates."

If you frequent Facebook, you've probably encountered the scenario was at the center of Stoddart's concerns. Any time a quirky news story graces your Facebook home page - say, a story about your friends building mafia empires or throwing sheep - chances are a third-party application is the culprit.

Third-party Facebook apps such as quizzes and games are created by independent developers using Facebook's application programming interface. Third-party apps, unlike built-in Facebook tools, don't always respect users' privacy settings. Until recently, when you installed an app, you were in effect giving it unfettered access to not only your profile information, but your friends' profiles, too.

While lots of Facebook applications are perfectly trustworthy, others exploit user data for unscrupulous purposes. Some apps in the wild are downright nasty, despite Facebook's best efforts to block unruly apps as they surface.

To Facebook's credit, it long ago inserted a warning that pops-up when a user tries to install a new Facebook app. The warning states that "allowing [this application] access will let it pull your profile information, photos, your friends' info, and other content that it requires to work."

Nevertheless, critics have argued that many, if not most, apps can function perfectly fine without such broad permissions. They have urged Facebook to implement a more precise set of privacy rules to enable users to decide just how much information to make available to third-party apps, including those installed by friends.

Under Facebook's new privacy policy, applications can no longer access users' friends' profile information without express permission from each friend. While the new policy does not offer the degree of granularity that some privacy hawks had desired, it offers significant new safeguards against rogue apps. The Canadian government has welcomed Facebook's new policy.

Yet users should be very worried that the Canadian government is meddling with Facebook's privacy policies. Pressuring sites like Facebook into hastily re-jiggering privacy rules, however well-intentioned, will result in unintended consequences. And because Facebook maintains the same privacy rules across countries, the excesses of one government can translate into pain for users worldwide.

Especially with services like Facebook that have eked out next to no profit (if any), putting resources toward amending privacy rules to meet regulatory demands means fewer resources can be put toward creating new innovations. Making mistakes, and learning from them, is what market experimentation is all about. Expecting the "cloud" to always get it right on the first try is a recipe for stagnation.

Besides, Facebook users can protect their privacy through numerous alternative means. Just last week, independent developers unveiled a privacy-enhancing cryptographic tool called "FaceCloak" that scrambles sensitive data and allows users to decide which friends have access to their real information. FaceCloak is just one example of a growing array of third-party tools - also known as privacy-enhancing technologies - that empower users to take privacy into their own hands.

When government dictates the terms of privacy agreements between individuals and firms, it risks disrupting the delicate balance between privacy and data sharing that underlies the information age. Worse, government intervention runs the risk of saddling cloud computing providers with artificial expenses, undermining the services' ability to innovate and evolve.

The point of online social networking is to share your information with your friends. Facebook, MySpace, LinkedIn, and similar sites give us the choice of what to share and what not to share. Users are ultimately in control of what they post.

Attempts to fit the thriving online ecosystem into a rigid privacy framework threaten to undermine the creative spirit of the information sharing market. The threat of government prosecution for alleged privacy woes discourages the development of Facebook-esque services. Consider that many of the most popular sites and services today on the Web - think Twitter, Facebook, YouTube, Hulu, Google - are free to use and in large part financed by advertising. It's simply unreasonable to expect these kinds of free services to offer bulletproof privacy assurances.

The best way to protect Facebook users' privacy is through user education and common sense, not government mandates. Privacy-conscious users ought to read the fine print, be smart about installing apps, and use trustworthy privacy tools when needed. Ultimately, though, if you don't want to risk your personal information being leaked, keep it to yourself.