Ever since Facebook introduced its new personalization programs, users, privacy groups, and lawmakers have complained that Facebook’s privacy controls are overly complex and change too frequently. Thus, users who are not sufficiently alert may unintentionally release personal information to people who shouldn’t have that information. A lot of people are rapidly becoming more alert.
In response to the flurry of criticism and, perhaps, to forestall government action, Facebook just announced that it will introduce new privacy controls that it hopes will be more transparent and easier to navigate. Google, faced with a similar problem a few months ago with its new feature, Buzz, also changed its privacy controls in response to vocal criticism.
So we see companies and users struggling to find where social networking ends and privacy intrusions begin. The question for those of us concerned with public policy is whether the government can be helpful in this type of situation – for example, by providing guidelines as suggested by Senator Schumer.
Whatever one thinks of Facebook’s actions, it’s hard to envision how the FTC or any government agency could do anything that wouldn’t seriously interfere with the ability of businesses in young and fast-changing industries like social networking to introduce new services and try new business models. The exception would be if Facebook misrepresents to its users what it is doing. In that case, the FTC might have reason to bring an enforcement action under the current law.
So, despite the missteps, Facebook’s privacy practices are best left to be worked out between the site and its users. Notwithstanding its rapid growth, the company ultimately will not succeed if it isn’t responsive to its users’ privacy concerns.
What is interesting about the recent Facebook and Google Buzz privacy episodes is that the discussions have mostly not been about the use of information for targeted advertising. This strikes me as a positive development in that perhaps it will make people more aware of the real differences between information on social networking sites and the use of information for targeted advertising. People are understandably concerned about the unintentional dissemination of personal information about themselves, including potentially to people they know, and they therefore need to pay close attention to the privacy controls. That particular concern is not present with targeted advertising, because advertisers use information anonymously (see article by Paul Rubin and myself). Indeed, even the latest news about Facebook and other social networking sites sending information to advertisers about the last webpage a user visited before clicking on an ad, which could be the user’s profile page, is not particularly a cause for concern. (In any event, the sites have addressed the problem). The process of targeting advertising based on users’ interests does not involve human beings looking at any individual’s data. It is entirely automated.
I am not suggesting that targeted advertising has no connection to the new features being introduced by Facebook, Google and others for whom advertising is the major, often the sole, revenue source. These companies are trying to increase the number of eyeballs, the amount of time the eyeballs spend on their sites, and the quality of information available in order to better target advertising and thus increase revenues. Presumably, however, the information people make available is valuable for targeted advertising only when it is used anonymously.