(Originally posted on the ACLU of Northern California’s Bytes and Pieces blog.)
Unfortunately, this last change also highlights the “app gap” issue that we have written about many times, and the proposed changes would actually make that worse by allowing third party pages and applications to use and store more information without increasing users’ ability to control or opt out of such access. Facebook needs to hear your voice demanding that it keep user privacy and control at the core of its service. Please visit Facebook’s site governance page or sign our petition and tell Facebook to give you full control over your personal information! And don’t forget to join our new privacy campaign, Demand Your dotRights!
Today’s Changes Highlight the “App Gap”
Under Facebook’s current policies, your data, including sensitive information such as your relationship status and photos you post, can be accessed not only by any application you run but also by any application or quiz that one of your friends runs. You can limit the information that applications and pages visited by your friends can see about you (for instructions, see our resource page), but you cannot prevent these applications from seeing “publicly available information” including your name, gender, and your friends list. That means that a lot of personal information about you can flow to third parties even if you never run an application.
Unfortunately, both of these requirements have been eliminated in the proposed new Statement of Rights and Responsibilities. Instead, Facebook Platform applications and Facebook Connect web sites are now allowed to store data they gather from the Facebook users they interact with and use that data for their own purposes (though when they access information about that user’s friends, they are only allowed to use this “friend data” in connection with the current user). The new policy does bar developers from transferring data to ad networks or data brokers and requires them to delete user data if specifically asked to do so by a user. However, it places the burden on the user to track or determine which sites and applications might store information about them rather than being certain that any application they stop using must delete their information.
Finally, Facebook has added a new category of partner sites, called “Facebook-Enhanced” sites, that can access your connections and other general information even before you allow them to do so. Facebook has yet to unveil its full plan for these sites, but they could present another threat to privacy.
This means that, if these changes go into effect, you will be able to hide your connections from your friends but not from applications that your friends run or Facebook-enabled sites they visit! Your gender, your fan pages, and maybe even your groups and events will be available to any application your friends choose to use, and you will have no ability to control that (unless you want to have no friends at all, we suppose). Does that make sense to you?
Tell Facebook: More Sharing? Then More Control!
It doesn’t to us. If Facebook wants to give Connect sites and Platform applications more freedom to collect and use information, it needs to ensure that user privacy is not left behind. In particular, Facebook needs to make sure that users have the ability to fully opt out of sharing information with applications and sites. This includes providing stronger default privacy settings and giving users the ability to prevent applications from accessing their own information instead of being forced to rely on their friends to make choices for them.
So please speak up and tell Facebook what you want! Visit Faceook’s site governance page and tell them to allow you to control your own personal information, including preventing applications from seeing your “connections” and other data. And please sign our petition and push Facebook to protect your privacy as it continues to evolve!
Demand a privacy upgrade! Demand Your dotRights!