It has been a long week for Facebook.
Fifteen consumer privacy groups just filed a new complaint (PDF) with the Federal Trade Commission claiming the social networking site has dropped the ball in protecting user privacy. Meanwhile, other groups like the Progress and Freedom Foundation and the Competitive Enterprise Institute cautioned that ongoing legislative efforts to protect privacy on the Internet may go too far.
The tension regarding user privacy on the Web is thick enough to cut with a knife, and it is an open question as to how the government should react.
About eight to 10 years ago, similar privacy and data sharing issues came up in the banking industry, noted Gartner analyst Avivah Litan. It wasn’t until an act of Congress that consumers by default had to opt into having their providers share information on them, she said.
“Facebook advertises its privacy features as giving users the ability to control the sharing of information they post on Facebook, but the firm does not warn those users that those controls can go awry,” Litan said. “There are no regulations protecting consumers from the malfunctioning of those controls, and there needs to be. In other words, there need to be penalties when companies don’t protect their customers’ private information, especially when those customers are told that they are in control of their own information.”
But some say the digital world, where information retention has become routine, requires an approach to privacy where the goal of government should be to enforce privacy agreements-not dictate them through legislation.
“Today, businesses increasingly compete in the development of technologies that enhance our privacy and security, even as we share information that helps them sell us the things we want,” Wayne Crews, vice president for policy for Competitive Enterprise Institute, said in a statement. “This seeming tension between the goals of sharing information and keeping it private is not a contradiction-it’s the natural outgrowth of the fact that privacy is a complex relationship, not a -thing’ for governments to specify for anyone beforehand.”
Crews made the comment in response to draft legislation submitted this week to the House Subcommittee on Communications, Technology, and the Internet. The bill lays out guidelines (PDF) for disclosing privacy practices, collecting user information and sharing user data with third parties.
These are the very issues at the center of the FTC complaint against Facebook, which an FTC spokesperson said is under review. According to the complaint, Facebook’s recent changes “limit a user’s ability to browse the Internet anonymously.”
The impetus for the complaint is Facebook’s decision to require “users to designate personal information as publicly linkable ‘Links,’ Pages’ or ‘Connections’ or to no longer make such information available.”
“These pages were selected by Facebook based on existing content in the user’s profile, including employer information, education information, and geographic information, as well as music, movie, book, and television preferences,” the complaint reads. “If the user unchecked all of the boxes in an attempt to opt-out of the compelled disclosure of her profile information, another pop-up window appeared to inform the user that if no information is designated as ‘publicly available,’ then major sections of the user’s profile that were previously available on the user’s Facebook page will be deleted and left empty.”
For its part, Facebook has contended the changes don’t endanger user privacy, and a spokesperson previously told eWEEK the new features will “make surfing the Web a smoother and more engaging experience for people who use Facebook while honoring the trust we’ve been given.”
Though a recent user survey has indicated many users do not take full advantage of Facebook privacy controls, Ari Schwartz, vice president of the Center for Democracy and Technology, said other research has indicated people are as concerned about their online privacy as ever.
“Congress needs to give the FTC the general authority to protect privacy if it wants it to act in cases like this,” he said recently in response to a question about whether the FTC should regulate social networks.
Social network providers need to be regulated so they know they are held accountable for mishaps, especially when they leak information that they advertise to their customers is within the customers’ control, opined Litan.
“Once these industry rules are put in place, Facebook will probably be much more careful in how it advertises its privacy controls to users, and will likely pay a lot more attention to making sure that they work as advertised,” she said. “It certainly will never be a perfect system, but it will offer consumers better protections.”