“your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting.”
How would this work in practice? Let’s imagine that CNN and Facebook team up. If you’re logged into Facebook and visit CNN, the website would be able to welcome you by your full name, display gender-relevant content, show you recommendations from the people in your network who also visit CNN, and so on. Going a little further, if you share your interest information, CNN might be able to dynamically display stories that match your interests.
The level of disclosure proposed in this new policy is similar (or even identical) to the information disclosure required for use of a Facebook app. The critical difference in the new policy is that while applications require an opt-in, it appears that this new process will require an opt-out. Facebook spokesperson Barry Schnitt:
“The opt-out hasn’t been built yet. We just want people to know they’ll be able to opt out. We’ve made that commitment. There will be an opt-out right when the user gets to the site, and there will be some opt-out functionality on Facebook. But as to where the button will be or how it will look, I don’t know, because they don’t exist right now.”
In theory, there will be two opt-outs. The first will be the hypothetical button that Schnitt talks about. The second will be to log out of Facebook and remove the Facebook cookie. In reality, though, if you’re a Facebook user, you can never really opt-out, because any time a Facebook friend visits a third party site Facebook will share some of your information with that site.
Although it is a good sign that Facebook has gone on record regarding privacy control, the previous comment reveals Facebook’s cavalier attitude towards privacy. Quite literally, they’re talking about pushing identity information of 400 million people around, yet privacy is treated as an afterthought – something they’ll figure out later. When will companies like Facebook and Google start bringing privacy teams in at the beginning of the design process, rather than at the end?
Shifting topics a little bit, I see this move as notable because it marks Facebook’s first foray into large-scale warehoused behavioral targeting. Targeting companies like Doubleclick (owned by Google) routinely mine our travels around the web, allowing third-party consumers to generate targeted recommendations based on our habits. Because this happens behind the scenes, we’re less likely to notice it (which doesn’t make it any less troubling). Facebook’s move stands to confront us with behavioral targeting, and they should consider the boundary they’re confronting. It may not seem to be a big thing to have a third party website welcome you by your first and last name, but it is a paradigm shift on the web.
TechCrunch argues that it is time to sharpen the pitchforks, in preparation for the major backlash against the service. Let me explain why this is frustrating. In my opinion, the role of the privacy team is to navigate the necessary tension between our freedoms to disclose and how companies can ethically and morally profit from our data. Facebook’s failures with Beacon or Google’s failure with Buzz are not “wins” for privacy; rather, they are losses for companies, consumers, and the market.
This brings me back to what is troubling about the “sharpening pitchforks” mentality. It doesn’t and shouldn’t have to be this way. Compared to Doubliclick, Facebook’s move really isn’t any more troubling – if the system is implemented properly. And if the system is implemented properly, it could be a win – for consumers, for Facebook, and for third parties. So how can Facebook navigate this challenge? Let’s start with research, sensible design, and a different style of rollout than the traditional ask-for-forgiveness-later approach Facebook seems to believe in.
At Facebook’s current size and scale, they can’t afford to get this wrong. Through research, testing, and a willingness to put the customer first, Facebook could navigate the challenges of this new feature. But make no mistake, more than anyone, they are in the bulls eye right now. And if Facebook does decide to play cavalier with privacy, the mobs TechCrunch describe will be waiting.