Privacy groups respond to Facebook policy changes

Peter Gothard |

Two internet privacy groups have responded to Facebook’s published intentions to share its data with recently-acquired Instagram, as well as eliminate a user voting system and loosen restrictions on who can email users with unsolicited material.

The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) have penned a letter addressed directly to Facebook’s founder, Mark Zuckerberg.

The letter reminds Zuckerberg that, in 2009, Facebook agreed to introduce a user voting system that meant if 7,000 users voted against a certain proposed motion in the site’s governance, the motion would not be able to go ahead.

An announcement by Facebook on 21 November states that Facebook “found that the voting mechanism, which is triggered by a specific number of comments, actually resulted in a system that incentivised the quantity of comments over their quality”.

“Therefore,” continues the post, “we’re proposing to end the voting component of the process in favor of a system that leads to more meaningful feedback and engagement.”

The letter to Zuckerberg argues that, “although Facebook’s existing voting mechanism set an unreasonably high participation threshold, scrapping the mechanism altogether raises questions about Facebook’s willingness to take seriously the participation of Facebook users.”

The letter also raises concerns at Facebook’s intentions to shift privacy boundaries between it and its acquisitions with the proposed “Affiliates” section of the site, which Facebook more specifically states will mean the company “may share information we receive with businesses that are legally part of the same group of companies that Facebook is part of, or that become part of that group.”

“Facebook’s proposed changes implicate the terms of a recent settlement with the Federal Trade Commission,” reads the letter, referring to the FTC’s August decision to allow Facebook to buy up the photo sharing app, when Facebook had made clear an intention to let Facebook and Instagram continue as separate concerns.

“The settlement prohibits Facebook from misrepresenting the extent to which it maintains the privacy or security of covered information,” says the letter.

Finally, the advocacy groups’ letter questions Facebook’s mention of “replacing the ‘Who can send you Facebook messages’ setting with new filters for managing incoming messages”.

“As it exists now, the Data Use Policy grants users the right to ‘control who can start a message thread’ with users, with the provision that ‘if they include others on that message, the others can reply too,'” reads the letter.

However, EPIC and CCD suggest that the proposed revision would “eliminate” this control, introducing a likelihood “to increase the amount of spam that users receive”.

“Facilitating spam violates users’ privacy and security, as many Facebook scams are accomplished through the messaging feature,” the groups argue.

Since its IPO in May, Facebook has faced the ongoing problem of monetising its business plan in an online world that is both turning increasingly to mobile, making it harder to advertise to, while at the same time becoming ever more aware of how personal data silos such as social networking sites can represent security risks.

While it is understandable that Facebook will want to share information with acquired companies such as Instagram — for which it paid $1bn shortly before its IPO — such decisions carry increasing weight.

With Google in a constant battle with bodies such as the EU over its privacy policies, Facebook — no matter how public and apparently clear its intentions — cannot afford to change the rules too often as the spotlight on personal information harvesting becomes ever brighter.