Facebook’s new non-privacy-policy policies

Facebook is changing its data policies yet again -- and there's some new language you probably want to know about.

Facebook introduced a newly revised Statement of Rights and Responsibilities (SRR) and offered it up the public last week for feedback. Though the official comment period is now over, I’d like to add my 2 cents. And while 95 percent of the proposed edits to Facebook’s governing document were simple language changes, there are a few bits I find troubling.

First, though, let’s clear up some misconceptions. A lot of people are misinterpreting this as a new Facebook privacy policy. That’s not accurate, in part because a) this is a different document entirely, and b) Facebook doesn’t have a “Privacy Policy” any more, it has a Data Use Policy, which a lot of people (including yours truly) hadn’t really noticed until we saw this language changed in the SRR.

Some people are interpreting this as some kind of attack on privacy. I think that language change actually a good thing. The word “privacy” means too many things to too many people, which is one reason why it’s so hard to get folks to support privacy initiatives. Data Use is a much better description, because that’s what Facebook is doing – using your data. It’s certainly not protecting your privacy.

A few bits of new language jump out from this SRR that are worth noting.

1. Under section 5 (“Protecting Other People’s Rights”) the new SRR adds this (new language in italics):

You will not tag users or send email invitations to non-users without their consent or tag users if you know they do not wish to be tagged.

This is a good and worthy idea. A better and worthier idea, though, would be to give users the ability to simply tick a box that says “Don’t tag me – ever.” For reasons that escape rational understanding, Facebook refuses to do this. Instead, Facebook continues to insist that users have total control over who and how they can be tagged, when this is not the case.

Here’s what Facebook spokeshuman Barry Schnitt told CNET:

"If you don't want someone to be able to tag you, simply block them," Schnitt responded. "If you're tagged by someone else and want to remove it, we make that easy. We also created an easy way to complain directly to the user about a photo you don't like."

That statement is not entirely accurate. If someone wants to tag you in a photo, or claim you were at the same location they were, there’s not much you can do about it. You can delete the tagged images from your Timeline, but they’ll still be visible on that other person’s Timeline and to all of their friends. You can send the person who posted it a message asking them to remove the tag and/or the photo and hope they comply. Or you can block that person, which boots them off your friends list and makes your Facebook page invisible to them, but doesn’t actually remove the tag. Instead the tag converts to plain text so it doesn’t link back to your Facebook page.

In any case, it’s not easy – you need to go to the image where you were tagged, click Options, tell Facebook why you object to the tag, then choose between the choices I’ve outlined above. And even after all of that, it’s still completely possible for someone else to slander or embarrass you with a text tag without your knowledge. Not good.

2. Here’s a curious bit of legal mumbo jumbo under “Special Provisions Applicable to Users Outside the United States” (new text in italics):

We strive to create a global community with consistent standards for everyone, but we also strive to respect local laws. The following provisions apply to users and non-users who interact with Facebook outside the United States:

1. You consent to having your personal data transferred to and processed in the United States…

What the hell does that mean, exactly? How can non-users interact with Facebook, and why do these provisions only apply outside US borders?

As the lovely and talented Sarah Downey of privacy vendor Abine told CNET, this probably refers to the ubiquitous Like button and the stricter rules the EU has about data collection and use:

Facebook tracks non-users on other Web sites using JavaScript code that grabs IP address, site visited, and other information when people visit a site with a Facebook "Like" button on it. "I don't think people realize that if you go to a non-Facebook site the 'Like' button can track you, even if you don't click on it," she said. "They consider you interacting with it if you're merely viewing the page."

"Rumor is that post-IPO Facebook will try to launch its own ad network. So this tracking across the Web on non-Facebook sites suggests that," Downey said. "Facebook is a data collection machine and that's how they make their money."

Fact is, Facebook should not be collecting any data about anyone who isn’t using its services. Period, full stop. But what Facebook should do and what it does are often two entirely different things.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies