News, Developments, and Insights

high-tech technology background with eyes on computer display

Privacy and Facebook Comments

I blogged earlier about the recent privacy kerfuffle with Facebook’s potentially permanent control over user data. In that post, I critiqued the “trust us” response that Facebook and so many companies make when responding to issues involving the use of people’s data.

There is, however, another argument Zuckerberg raises in response to Facebook’s data retention policy. He writes:

When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message.

Zuckerberg is raising a rather thorny issue involving shared data. Although the “trust us” argument is rather specious, the shared data argument is much more difficult. One of the reasons why Facebook wants to maintain user data even after a user has left Facebook is that a lot of Facebook data is shared between friends. Facebook claims that it doesn’t want to allow users who leave Facebook to permanently delete their data from all parts of Facebook since their data appears on their friends’ Facebook pages. Zuckerberg also mentions the fact that email messages sent from one friend to another leave a copy in a friend’s inbox. One of the thorny issues with digital information is that it is shared.

What should Facebook do when a user wants to remove his or her data from all parts of Facebook, including their data on the pages of their friends? There are several ways of dealing with this:

(a) allow the user to remove it completely wherever it is;

(b) notify the people whose profiles contain the information and seek their consent before removing it; or

(c) not allow the user to remove it.

Facebook appears to have chosen (c). Before attacking or praising Facebook’s choice, consider the following questions:

1. Should you have the right to remove emails you sent from the recipients’ email inboxes or email accounts?

2. If you write a comment to a blog post of mine and then later want me to remove it, should I be compelled to do so? What if your comment is central to a particular discussion thread in the comments, so that removing it will make the discussion thread much harder to follow or understand?

3. If your information is automatically posted on a friend’s Facebook page, and then you leave Facebook, should you have the right to have the information that was put onto your friend’s Facebook page removed?

Regarding #1, I believe that people shouldn’t be able to automatically retract the emails they send to others, so that they disappear from the recipient’s inbox. Regarding #2, this is a thornier issue. I haven’t thought extensively about it, but my instinct would be to delete the comment at the commenter’s request. Regarding #3, which is one of the reasons why Facebook wants to maintain people’s data even after they quit Facebook, I don’t have an easy answer to this one.

What are your thoughts?

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
LinkedIn Influencer blog

TeachPrivacy Ad Privacy Training Security Training 01