“Please Trust Us”: Facebook and Control of Personal Data
posted by Daniel Solove
Recently, Facebook changed its Terms of Service (TOS). According to the New York Times:
This month, when Facebook updated its terms, it deleted a provision that said users could remove their content at any time, at which time the license would expire. Further, it added new language that said Facebook would retain users’ content and licenses after an account was terminated. . . .
The changes in the terms of service had gone mostly unnoticed until Sunday, when the blog Consumerist cited them and interpreted them to mean that “anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later.”
Given the widespread popularity of Facebook — by some measurements the most popular social network with 175 million active users worldwide — that claim attracted attention immediately.
The blog post by Consumerist, part of the advocacy group Consumers Union, received more than 300,000 views. Users created Facebook groups to oppose the changes. To some of the thousands who commented online, the changes meant: “Facebook owns you.”
The new and old TOS both state:
You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.
However, the new TOS does not contain the following language that the old TOS contains:
You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.
The Consumerist blog broke the story, which is now being discussed extensively in the blogosphere and news.
Mark Zuckerberg of Facebook responded to these concerns in a blog post:
Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.
One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message. We think this is the right way for Facebook to work, and it is consistent with how other services like email work. One of the reasons we updated our terms was to make this more clear.
In reality, we wouldn’t share your information in a way you wouldn’t want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. Our goal is to build great products and to communicate clearly to help people share more information in this trusted environment.
In other words, Zuckerberg is saying: “We’re not evil. Just trust us!” But this has been the mantra of nearly all companies that handle personal information. What company would say: “Yes, we intend to use your data maliciously and in ways you’ll abhor”?
There are many problems with Facebook’s policy of “trust us”:
1. Facebook could go bankrupt, and creditors might find the data Facebook has stored up to be one of its most valuable assets. These creditors might want to use the data in new and different ways than Facebook has. No company likes to contemplate its demise, so of course, Facebook probably isn’t concerned about what happens in the event it dies — after all, it would be gone and wouldn’t have to deal with any public relations headache or other troubles created by angry consumers.
2. The government can obtain data maintained by third parties very easily — with just a subpoena in most cases. So despite Zuckerberg’s promise that “we wouldn’t share your information in a way you wouldn’t want,” Facebook would have no choice in many instances but to do so.
3. In the past, Facebook has shared people’s information in ways they didn’t want. The privacy dust ups created by News Feeds, Beacon, and Social Ads are some examples. In the future, there’s no guarantee that Facebook will never use data in ways people don’t want. Facebook is struggling to find a way to become profitable. According to CNN:
A big part of the challenge in assigning a valuation to Facebook is that its financial results don’t come anywhere near to matching its runaway success signing up members: The site pulled in estimated revenues of just $280 million last year, and sources close to the company say it didn’t break even.
If using data in a particular way can generate tremendous profit, Facebook will be faced with a dilemma: (a) use data in a way many users might not like and reap the benefits or (b) forgo the use as well as the benefits. If the use of the information is quite lucrative, Facebook might decide to try to weather whatever privacy dust up might ensure — especially if the company is struggling to find a way to be profitable. Moreover, the privacy of past users who are no longer using Facebook is obviously less of a priority to Facebook.
For more good coverage of the story, see Michael Zimmer’s post: “On Facebook, People Own and Control Their Information (Except When Facebook Does)”
February 17, 2009 at 1:22 pm
Posted in: Privacy, Privacy (Consumer Privacy), Social Network Websites, Web 2.0
Print This Post
Responses (10)
Max Kennerly - February 17, 2009 at 3:26 pm
I’ve been blogging on this as well (see link via my name), including whether the Terms are enforceable and if Zuckerberg’s blog post amends or modifies those Terms.
Regarding the value of the content, the issue that came to mind for me was bankruptcy: if Facebook flames out, what stops a creditor’s committee from demanding Facebook start monetizing its largest asset, i.e. unlimited licenses to an extraordinary amount of content?
Why not, say, a “25 Things” book, like PostSecret, only without the permission of anyone involved?
Joe - February 17, 2009 at 4:02 pm
Sorry, this is tangential to Dan’s main point, but–question:
The terms of service look like contract language: by using our site you allow us to do certain things with the the information that’s part of your use of it. My question is, how does this operate for users? New users obviously read (or are presumed to have read) the new TOS, which I assume makes the TOS enforceable for them. Old/continuing users, however, have not been alerted to the new TOS — there’s no pop-up, no “yes” box to check — and if they haven’t seen the NY Times story or a blog posting like this one, they’re not on notice. Can Facebook change the TOS on them like that? Or can Facebook change the TOS with respect to the past information of past users who have already deleted their accounts?
Jess - February 17, 2009 at 6:15 pm
Question: Are there now opt-in rules for obtaining and sharing personal information?
I don’t know anyone that actually reads the terms of agreement on sites. There was a video I watched earlier today on newsy.com that talked about this big facebook ordeal. They’ve coined it the “Facebook Face-off”
http://www.newsy.com/videos/facebook_face_off
Jacqui L. - February 17, 2009 at 9:35 pm
I know this is a serious issue, but I think the British comedy series, The IT Crowd, summed up these concerns nicely in a recent episode: http://www.youtube.com/watch?v=1Pebihz0FJA
Frank - February 17, 2009 at 10:51 pm
It is simply laughable that in this day and age, some charismatic CEO actually wants the “community” to “trust” him. All this brash move indicates to me is that they really believe they’ve locked enough people in to effectively foreclose competition in this market. Once more, innovation policy needs to move beyond trying to contrive competition to figuring out the right sectoral regulation in response to aspiring monopolists who’ve accumulated what David Grewal would call Network Power.
clarinette - February 18, 2009 at 7:50 am
I would certainly trust – at least I would try – whoever collect information from me to make money – lots of money – to share with me.
I don’t think I would trust a friend who deliberately encourages me to open my hearth and divulge my personal information to be commercialized even for the good sake of selling me ‘targeted’ products. Should I?
clarinette - February 18, 2009 at 7:54 am
I would certainly trust – at least I would try – whoever collect information from me to make money – lots of money – to share with me.
I don’t think I would trust a friend who deliberately encourages me to open my hearth and divulge my personal information to be commercialized even for the good sake of selling me ‘targeted’ products. Should I?
coffee - February 22, 2009 at 1:53 pm
the fact that Facebook change their TOS back so quickly is an indication that they knew they were wrong in the first place
Get Over It: Using Facebook = No Rights - Joshua L. Simmons - January 9, 2010 at 5:40 pm
[...] in a cupboard), which is inevitable since it has yet to monetize its service, its creditors will claim your information as an asset that the company can use to offset its [...]
The Spontaneous Huddle » Get Over It: Using Facebook = No Rights - January 9, 2010 at 8:13 pm
[...] in a cupboard), which is inevitable since it has yet to monetize its service, its creditors will claim your information as an asset that the company can use to offset its [...]
Leave a Reply