Recently, Facebook changed its Terms of Service (TOS). According to the New York Times:
This month, when Facebook updated its terms, it deleted a provision that said users could remove their content at any time, at which time the license would expire. Further, it added new language that said Facebook would retain users’ content and licenses after an account was terminated. . . .
The changes in the terms of service had gone mostly unnoticed until Sunday, when the blog Consumerist cited them and interpreted them to mean that “anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later.”
Given the widespread popularity of Facebook — by some measurements the most popular social network with 175 million active users worldwide — that claim attracted attention immediately.
The blog post by Consumerist, part of the advocacy group Consumers Union, received more than 300,000 views. Users created Facebook groups to oppose the changes. To some of the thousands who commented online, the changes meant: “Facebook owns you.”
The new and old TOS both state:
You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.
However, the new TOS does not contain the following language that the old TOS contains:
You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.
The Consumerist blog broke the story, which is now being discussed extensively in the blogosphere and news.
Mark Zuckerberg of Facebook responded to these concerns in a blog post:
Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.
One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message. We think this is the right way for Facebook to work, and it is consistent with how other services like email work. One of the reasons we updated our terms was to make this more clear.
In reality, we wouldn’t share your information in a way you wouldn’t want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. Our goal is to build great products and to communicate clearly to help people share more information in this trusted environment.
In other words, Zuckerberg is saying: “We’re not evil. Just trust us!” But this has been the mantra of nearly all companies that handle personal information. What company would say: “Yes, we intend to use your data maliciously and in ways you’ll abhor”?
There are many problems with Facebook’s policy of “trust us”:
1. Facebook could go bankrupt, and creditors might find the data Facebook has stored up to be one of its most valuable assets. These creditors might want to use the data in new and different ways than Facebook has. No company likes to contemplate its demise, so of course, Facebook probably isn’t concerned about what happens in the event it dies — after all, it would be gone and wouldn’t have to deal with any public relations headache or other troubles created by angry consumers.
2. The government can obtain data maintained by third parties very easily — with just a subpoena in most cases. So despite Zuckerberg’s promise that “we wouldn’t share your information in a way you wouldn’t want,” Facebook would have no choice in many instances but to do so.
3. In the past, Facebook has shared people’s information in ways they didn’t want. The privacy dust ups created by News Feeds, Beacon, and Social Ads are some examples. In the future, there’s no guarantee that Facebook will never use data in ways people don’t want. Facebook is struggling to find a way to become profitable. According to CNN:
A big part of the challenge in assigning a valuation to Facebook is that its financial results don’t come anywhere near to matching its runaway success signing up members: The site pulled in estimated revenues of just $280 million last year, and sources close to the company say it didn’t break even.
If using data in a particular way can generate tremendous profit, Facebook will be faced with a dilemma: (a) use data in a way many users might not like and reap the benefits or (b) forgo the use as well as the benefits. If the use of the information is quite lucrative, Facebook might decide to try to weather whatever privacy dust up might ensure — especially if the company is struggling to find a way to be profitable. Moreover, the privacy of past users who are no longer using Facebook is obviously less of a priority to Facebook.
For more good coverage of the story, see Michael Zimmer’s post: “On Facebook, People Own and Control Their Information (Except When Facebook Does)”
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* LinkedIn Influencer blog
* Twitter
* Newsletter
