I’m quite pleased to learn that Facebook has come to a privacy epiphany. I’ve been blogging a lot lately about the privacy problems with Facebook’s new features — Beacon and Social Ads:
Facebook recently announced that it is changing the way it obtains people’s consent before it uses or discloses their personal information. In particular, its change in policy involves Beacon. According to the AP:
More than 40 different Web sites, including Fandango.com, Overstock.com and Blockbuster.com, had embedded Beacon in their pages to track transactions made by Facebook users.
Unless instructed otherwise, the participating sites alerted Facebook, which then notified a user’s friends within the social network about items that had been bought or products that had been reviewed.
Facebook thought the marketing feeds would help its users keep their friends better informed about their interests while also serving as “trusted referrals” that would help drive more sales to the sites using the Beacon system.
But thousands of Facebook users viewed the Beacon referrals as a betrayal of trust. Critics blasted the advertising tool as an unwelcome nuisance with flimsy privacy protections that had already exasperated and embarrassed some users.
Some users have already complained about inadvertently finding out about gifts bought for them for Christmas and Hanukkah after Beacon shared information from Overstock.com. Other users say they were unnerved when they discovered their friends had found out what movies they were watching through purchases made on Fandango.
Peter Lattman of WSJ blog was one of the ones caught off guard by Beacon, when he discovered to his dismay that Facebook announced to his friends that he bought tickets to Bee Movie on Fandango.
According to the New York Times:
Under Beacon, when Facebook members purchase movie tickets on Fandango.com, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends’ pages. If a user saves a recipe on Epicurious.com or rates travel venues on NYTimes.com, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find.
Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program.
Within the last 10 days, more than 50,000 Facebook members have signed a petition objecting to the new program, which sends messages to users’ friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. The members want to be able to opt out of the program completely with one click, but Facebook won’t let them.
Late yesterday the company made an important change, saying that it would not send messages about users’ Internet activities without getting explicit approval each time.
It appears that Facebook has moved from an opt-out to an opt-in system — users will have to affirmatively give their consent before their data is disclosed. This is a very positive development.
Over at the New York Times’s Bits blog, Louise Story has a very interesting post about the evolution of Facebook’s Beacon and how Facebook has been continually improving the way it obtains user consent. At the end of her post, she notes that while Facebook has implemented an opt-in system for Beacon, it will not allow users to universally opt-out of Beacon:
Facebook executives tell reporters that users who ignore the alert boxes will no longer be considered to have said “yes,” even after two days. If users ignore the alert box, Facebook says it will not post the news of their purchases to their friends. This is a big change, if implemented correctly. Users will still be hassled by the alert boxes from Facebook on its partner sites, but ideally they can ignore them now and not worry about their purchases being shared.
Facebook executives say they do not want to add a universal opt-out button because then users would not be able to try out Beacon on different sites to see what it can offer. One Facebook executive predicts that consumers may “fall in love” with Beacon once they understand it. Only time will tell.
The opt-in is a big step in the right direction, but I do hope that Facebook will rethink its policy of not allowing users a universal opt-out.
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.