Facebook’s Open Graph API is getting some negative attention in Washington today. Four Democratic U.S. senators, Charles Schumer, Michael Bennet, Mark Begich and Al Franken, sent a letter to Facebook’s founder and CEO Mark Zuckerberg earlier this morning, asking for clarification about the privacy implications of Facebook’s latest initiatives. Specifically, these senators complain about the company’s new policy to allow third-party developers to store data for more than 24 hours, Facebook’s Instant Personalization feature and the social network’s new initiatives that make more of its users’ personal information public by default.
Washington and Facebook Privacy
The discussion in Washington mostly centers around the fact that Facebook’s new Instant Personalization service is opt-out. Facebook’s current partners – Microsoft’s Docs.com, Pandora and Yelp – automatically get access to a subset of your personal data whenever you visit their sites while you are logged in to Facebook. According to the senators, Facebook now shares “significant and personal data points that should be kept private unless the user chooses to share them.”
In his response to the senators’ concerns, Facebook’s VP of global communications Elliot Schrage argues that these new products are “designed to enhance personalization and promote social activity across the Internet while continuing to give users unprecedented control over what information they share, when they want to share it, and with whom.”
This discussion comes down to Facebook’s decision to make many of its latest features opt-out instead of opt-in. Currently, Facebook is only testing Instant Personalization with a small number of hand-selected partners. Facebook’s ambition, however, is to turn itself into the hub for personalization on virtually every site on the Internet, so this small group of partners could soon grow exponentially. This – combined with the end of the company’s 24-hour limit on storing data by third-party developers – could potentially pose a serious threat to its users’ privacy.
Opt-In vs. Opt-Out
There is a reason why Facebook is currently using opt-out as its default. After all, this guarantees Facebook the largest possible user base for these features and the best possible user experience for those who want to use them. Making new features opt-in exposes Facebook to the (very real) possibility that not enough users sign up and that the reach of its current and future initiatives will be very limited.
On the other hand, if its users really wanted these features, wouldn’t they just opt in if asked? And if these features turn out to be really useful, wouldn’t word about them spread across Facebook like wildfire?
Should Facebook Make Opt-Out Its Default?
Given the Beacon fiasco from 2007 and the recent discussion around how Google handled the launch of Buzz, however, we have to wonder whether Facebook simply didn’t learn its own lessons.
Facebook already hosts more private information about its users than any other site on the Internet. Given the company’s current trajectory of exposing more and more personal data, it’s probably time for the company to establish a consistent policy for how it plans to handle personal data in the future and make it very easy for users to opt out of any new initiatives that will expose more of a user’s data to third parties.
If you want to make sure that Facebook developers can’t access your personal data, here are Sarah Perez’s excellent instructions for how to opt out.