A pair of U.S.-based privacy advocacy groups say Facebook’s recently proposed policy changes would be a disaster for users, and may even violate the law. The groups have asked the social network to scrap the suggested provisions to is Data Use and Site Governance Policies altogether.
Facebook hopes to end its practice of allowing users to vote on proposed changes. It also wants to make changes to the messaging settings, and allow for greater sharing of user data between Facebook and “affiliates,” such as Instagram.
In a letter (PDF) to Facebook CEO Mark Zuckerberg, the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) assert that these changes “raise privacy risks for users, may be contrary to law, and violate your previous commitments to users about site governance …”
The problem with this, say the groups, is that “[b]y removing users’ ability to prevent strangers from sending unwanted messages, the proposed changes are likely to increase the amount of spam that users receive.” This, in turn, “violates users’ privacy and security, as many Facebook scams are accomplished through the messaging feature.”
Second, Facebook wants to be able to share user data with “affiliates,” rather than just advertisers. The most notable affiliate is, of course, Instagram. According to the groups, “Facebook’s decision to combine personal information from Facebook and Instagram raises privacy issues” because consolidating user data would make it easier for hackers to steal that personal information.
Contrary to law
In April, Facebook settled with the Federal Trade Commission over charges that it “repeatedly deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public,” according to the FTC. As part of the settlement, the social network must receive “express consent” from users before sharing their personal information “beyond their privacy settings.” Facebook must also provide “clear and prominent notice” before a user’s information is shared.
EPIC and CDD argue that the sharing of information between Facebook and Instagram may be in violation of the company’s settlement with the FTC because doing so may not satisfy either of the terms of the deal listed above.
Vote no more
Back in 2009, after being hit with privacy complaints from groups like EPIC, Facebook voluntarily instituted a voting process for changes to its site governance policies. The rules of the process stated that it would announce proposed changes in a blog post, and if the post receive a minimum of 7,000 comments within 30 days, the changes would go up for a vote. If the proposal received fewer than 7,000 comments, Facebook would automatically institute the changes.
(At present, about 18,600 comments – in English only – have been posted to the most recent proposed policy changes, with an unofficial majority in opposition to the new provisions.)
In the event that a proposal is subjected to user vote, a full 30 percent of users – which currently equals about 300 million people, or the entire population of the United States – would have to vote against the changes to prevent Facebook from adopting them. This year, however, Facebook wants to do away with the whole voting part entirely.
“In the past, your substantive feedback has led to changes to the proposals we made. However, we found that the voting mechanism, which is triggered by a specific number of comments, actually resulted in a system that incentivized the quantity of comments over their quality,” wrote Facebook’s Elliot Schrage in the proposal. “Therefore, we’re proposing to end the voting component of the process in favor of a system that leads to more meaningful feedback and engagement.”
EPIC and CDD say that, while the current system already requires an “unreasonably high participation threshold, scrapping the mechanism altogether raises questions about Facebook’s willingness to take seriously the participation of Facebook users.”
Facebook was not immediately available for comment on the EPIC/CDD letter. We will update this space with any response we receive.