Facebook proposes more changes to privacy policy

Critics are skeptical about the move's timing just before the company's IPO

Facebook said on Friday that it intends to make further changes to its privacy policy in order to respond to an audit by the Irish government, but privacy advocates saw the move as an inadequate attempt to quell privacy concerns prior to Facebook's planned initial public offering.

The proposed changes, which the company put out for public comment on Friday, don't appear to reflect any major shifts in policy. For the most part, the document makes more explicit how Facebook is already using user data. The company has also updated the policy to reflect newer features, such as cover photos.

The proposed changes are not final. A document highlighting the proposed changes is available on the website in PDF form, along with an explanation of the changes. The company is asking for user feedback and will host a web question-and-answer session about the changes May 14 at 9 a.m. Pacific time.

Sarah Downey, a privacy analyst and attorney at privacy software vendor Abine, said the more explicit language was required by a consent decree issued last year as part of a settlement with the U.S. Federal Trade Commission, and by the audit by the Irish Data Protection Commissioner.

Downey said once Facebook goes public, it will face pressure to generate more revenue and will probably accomplish that goal by using personal information to sell targeted advertising. The initial public offering (IPO) is expected to take place on May 18.

"Their financial success really requires them to collect more usable personal information and make that information available and accessible to advertisers. We expect that more private information about users is going to be disclosed," she said.

Jeffrey Chester, the executive director of the Center for Digital Democracy, also said the upcoming IPO will lay the groundwork for greater threats to user privacy.

"Facebook can't possibly protect the privacy of its users and grow as publicly traded company. It's going to be increasingly difficult for them to grow their business significantly without collecting and monetizing more of its data," he said.

Downey said one apparent change could be significant for consumers: Even if a Facebook user does not share his or her phone number or email address publicly, default settings will make it possible for others to search for the user on Facebook using that information.

The information Facebook obtains and provides to third-party advertisers, a sensitive topic among privacy advocates, was also the subject of substantial revision. For example, where the existing policy says that Facebook can use "the information it receives about you ... to measure or understand the effectiveness of ads you and others see," the new policy makes clear that that includes "deliver[ing] relevant ads to you." Delivering such user-specific advertising often involves sharing user data with third-party advertisers.

Immediately following that section, the proposed changes add, "We store data for as long as it is necessary to provide products and services to you and others, including those described above."

"They're talking about expanded use of your data with lots of little changes that are important. And Facebook is the master of these little changes adding up to big things," Downey said.

But the changes announced Friday also include some that allow users to better protect their privacy. An "activity log" feature will show users all of their activity on the network in one place, rather than across several timelines. Facebook also rolled out a centralized hub, where users can find all relevant documents.

Cameron Scott covers search, web services and privacy for The IDG News Service. Follow Cameron on Twitter at CScott_IDG.

Join the CSO newsletter!

Error: Please check your email address.

More about etworkFacebookFederal Trade CommissionFTCIDGScott Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Cameron Scott

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts