Perhaps the first thing you need to know is that after Friday, Facebook will no longer be calling it a privacy policy. The name is being changed to "Data Use Policy."

And most importantly, if you "use or access" Facebook on or after Friday, you are agreeing to that name change, as well as all of the changes Facebook is making to its policy. We were given public comment from Sarah Downey of Abine, which she describes as "an online privacy company in Boston that is concerned with anti-privacy behavior by Facebook and other companies."

Her comments, which are being submitted to the FTC as part of the public-comment period that closes Friday, are a good breakdown of what the changes entail and a warning of why users may want to read the entire policy before agreeing to its terms.

"This Statement is take it or leave it: users agree to it simply by using Facebook. Most of them will never know when or if the Terms change, let alone what they mean." - Sarah Downey of Abine

We've asked Facebook to respond to the entire text of her statement and will update when we hear back from the company.

Many of the changes are to keep in accordance with an agreement with the Federal Trade Commission. But from where Downey sits, "the changes reflect the fact that Facebook is extending its data collecting tentacles in all directions: towards people who never even signed up for Facebook, activities that aren't clearly defined as sharing, and mediums that aren't clearly defined as advertising.

"There are also obvious imbalances of power throughout the Statement: for example, Facebook forces its app developers to adhere to privacy standards that Facebook itself doesn't do, like making it easy to delete your account," she said. "Furthermore, this Statement is take it or leave it: users agree to it simply by using Facebook. Most of them will never know when or if the Terms change, let alone what they mean."

On a point-by-point basis, Downey raises the following red flags:


  • Downey agrees with the name change, if only because it is more accurate of what the statement does: the statement is not about protecting the user's privacy, but instead about how Facebook uses their information and data. "Facebook has always been after your data and you have very little privacy on the site," she said. "It's also telling: the way that Facebook and other companies use your data IS your privacy. They're one in the same."

  • A change in section 2.3 of the policy essentially allows your friends to give apps permission to access your personal information. "Your friends' activities can implicate your personal information, which seems counter-intuitive," Downey said. "If I do not explicitly give an app permission to access my information, it should not have access to my information."

  • Overall, Downey said the policy makes it harder for companies like Abine, which develop apps to protect user privacy, to operate and offer service on Facebook.

  • Facebook's ban on multiple accounts and using a pseudonym may violate First Amendment protections in the U.S. "The courts have inferred a fundamental right to privacy from the Constitution, and anonymous speech is a recognized First Amendment right, online and offline," she said. "Facebook can try to undermine the Supreme Court all it wants, but it's not good policy and we should never accept it."

  • The new policy requires you to keep your profile and contact information up to date and acuarate. "Um, like hell I will," Downey said. "Facebook's just going to sell it and share it with who knows how many hundreds of partners, affiliates, third parties, and advertisers, and I'll have no idea where it will end up."

  • Downey is concerned that language in certain sections of the policy has been changed from "users" to "users and non-users who interact with Facebook." That could mean the policy can now extend to people who don't even have a Facebook account.


The new policy should not just concern Facebook users, Downey said. Third party developers should also be worried, as Facebook is now requiring comply with rules that the social network itself does not comply with.

Directives for app developers include:


  • "You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide a mechanism for users to make such a request."

  • "You will not sell user data."

  • "We can require you to delete user data if you use it in a way that we determine is inconsistent with users' expectations."

  • "You will make it easy for users to remove or disconnect from your application."


"Kind of like how Facebook makes it nearly impossible to delete your account, making you weigh deactivation versus deletion, wade through dozens of pages and links, and wait 2 weeks," Downey said. "Yeah, right."