Facebook today announced that application developers will be allowed to store user data for more than 24 hours, removing a major restriction that the company had imposed on its ecosystem for years. Competitors like Twitter and MySpace had no such restrictions and now Facebook is in the same boat. Founder Mark Zukerberg used to say that the rule against storing data was essential to protect users and their privacy.
Where are those now? Privacy, Zuckerberg told me in a March 2008 interview, “is the vector around which Facebook operates.” Two years later, not so much.
In a December 2009 interview, Zuckerberg said that Facebook’s new public-by-default privacy settings reflected how he would build the site if he were to do it again from scratch today. Compare below what Zuckerberg said in 2008 and what today’s new Developer Terms of Service say about holding on to user data now.
I believe that the Facebook policy change on storing user data is a net win for the web: it will enable all kinds of new innovation. It was that kind of innovation that I was asking about two years ago when I got the following answer about privacy that just doesn’t sound right anymore today.
Zuckerberg on Data Portability, March 10th 2008 interview with ReadWriteWeb:
“If you export your friends list, does their contact information come with that? What if they change their privacy settings later? Right now if you take an action that gets published to your friends’ news feeds, but then if you change your privacy settings later to be more restrictive – then those events disappear from the news feeds. If that data is published off-site, then there’s no longer any control over the data for users.” (emphasis added)
And today, on the new Developers’ Terms of Service:
You must give users control over their data by posting a privacy policy that explains what data you collect, and how you will use, store, and/or transfer their data….You may cache data you receive from the Facebook API in order to improve your application’s user experience, but you should try to keep the data up to date…You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide a mechanism for users to make such a request. (emphasis added)
One thing that remains the same? “You cannot use a user’s friend list outside of your application, even if a user consents to such use.” Facebook doesn’t want you taking your data out of the Facebook ecosystem, to other competing services, but it doesn’t insist that 3rd parties under its shadow check in with you daily anymore, either. It’s hard not to feel a little cynical about that.