Monday, December 7, 2009

Responding to Facebook's privacy policy

I read the privacy policy for Facebook, a website that I use daily.  I actually did read the privacy policy before joining Facebook, but I read it even more carefully this time.  The policy was recently updated on November 19, 2009.

Ways to improve Facebook’s privacy policy

To improve its privacy policy and better protect its users’ privacy, Facebook should consider making the following changes:

1.  The privacy policy should be written in a larger font.

The first thing I noticed was that the privacy policy is written in a much smaller font than is used for wall posts and other content on Facebook.  The contrast made the information difficult to read and would likely discourage some people from reading the information.  If Facebook cares about privacy as much as it claims to, it needs to make the privacy policy easier to read.

2.  Users should get a direct link to prevent their information from being shared with advertisers.

The policy highlights three key areas at the top of the page:  privacy settings for Facebook, privacy settings for outside applications you may use through Facebook, and advertising.  Facebook provides direct links where users can establish their privacy settings and application settings. However, while the site states, “We will not share your information with advertisers without your consent,” it does not provide users with a direct link or detailed description about how to do this.  Of course, it is in Facebook’s financial interest that its users not request that the site stop sharing their information with advertisers.

3.  Facebook should clearly tell users how long it retains information once they delete it from their profiles.

The privacy policy states, “you can visit your profile at any time to add or remove personal information about yourself” but does not indicate how long the site retains information that you delete.  Users deserve to know if Facebook keeps information that they have chosen to delete from the site.

The policy indicates that Facebook may keep information from deleted profiles for up to 90 days, but it’s unclear if this also applies to information deleted from existing profiles.

4.   Facebook should not default any privacy settings to “everyone.”

The privacy policy states clearly what it means to let “everyone” see your information:  that everyone on the Internet can access that information, even people who are not members of Facebook; that the information can be indexed by search engines; and that Facebook and others can use the information without regard to privacy settings.

The policy goes on to say that Facebook still uses “everyone” as the default privacy setting for certain types of information.  To protect users’ privacy, all settings should default to “only friends” or, at a minimum, “my network and friends.”

5.  Restrictions on information shared with third parties need to be much clearer.

Facebook’s privacy policy outlines a number of instances when Facebook may share users’ information with third parties.  The privacy policy states, “Sometimes we share aggregated information with third parties to help improve or promote our service.  But we only do so in such a way that no individual user can be identified or linked to any specific action or information.”

This is vague and does not inspire confidence.  Facebook should provide an example that illustrates when, how and why users’ information would be shared with third parties, and what types of information may be shared.  Being specific would build trust with skeptical users.

Good things about Facebook’s privacy policy

Facebook’s privacy policy does some things well:

  • Uses fairly plain language, especially compared to other website privacy policies I’ve read.
  • Provides contact information clearly and conspicuously if people have questions or comments.
  • Always links the words “privacy settings” directly to the page where users can establish their privacy settings.
  • Provides examples to illustrate points that might otherwise be unclear to some readers.  In explaining what types of information Facebook shares about its users with advertisers, the policy gives this example: “we might use your interest in soccer to show you ads for soccer equipment, but we do not tell the soccer equipment company who you are.”
  • When discussing security, links to a helpful series of security tips on the latest threats on Facebook and ways to protect yourself.

[Via http://noellet.wordpress.com]
