Facebook ratchets up privacy controls (again)

A recent simplification of Facebook's user privacy controls wasn't enough for some policymakers.

On Thursday, in conjunction with the Canadian Privacy Commissioner, Facebook announced a new set of modifications to its user privacy controls as well as its developer API, and the targets of these changes are the thousands of third-party applications built on Facebook's developer platform. That means there may be major implications for developers--some of whom rely almost exclusively on Facebook activity as a revenue source.

The Canadian Privacy Commissioner's office released a set of recommendations for Facebook last month, specifically highlighting concerns that third-party applications could access a significant amount of users' personal data. "It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," commissioner Jennifer Stoddart said in a release at the time.

Facebook's newest set of changes will require third-party applications to specify which fields of user data they access (birthdays, favorite music, geographic location, etc.) and will require users to offer explicit permission before an app can access any of their friends' profile data. This is also in tune with recommendations offered earlier this week by a chapter of the American Civil Liberties Union, which highlighted the amount of personal data that third-party apps can access--sometimes without a user knowing it.

"Our productive and constructive dialogue with the Commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," Elliot Schrage, Facebook's vice president of global communications and public policy, said in a release Thursday. "We believe that these changes are not only great for our users and address all of the Commissioners' outstanding concerns, but they also set a new standard for the industry."

But what does it mean for developers? This could make it difficult for some apps--particularly the sillier ones that rely on heavy viral spread and often one-time use--to gain traction and stay effective. These are similar concerns to those that arose when Facebook cracked down on apps that it deemed "spammy" (and often rightfully so). But on the other hand, the new privacy controls could stem off bad press that could easily paint the developer platform as a whole as unsafe or untrustworthy.

"It is important for developers to have access to information, but we want to balance that with transparency and control for users," Ethan Beard, Facebook's director of platform product marketing, said in a blog post geared toward developers.

"We have committed to making these enhancements over the next twelve months, and anticipate a lengthy beta period including opportunities for you to provide input, multiple blog posts, and updated documentation delivered well ahead of time," Beard's post continued. "Understanding that this will likely require modifications to your code base, we want to give you the earliest heads up that these enhancements are on our road map."

[kingsnoofer]

It's an ongoing process. Likely it will never be perfect. But it's nice to see Facebook responding to people's concerns and patching the holes.

[aclu-nc]

Want to understand what this all means and how to change your Facebook privacy settings now to better protect your personal information? Check out the ACLU of Northern California Facebook Privacy Quiz at http://apps.facebook.com/aclunc_privacy_quiz/

More info at our blog at http://www.aclunc.org/techblog.

[mcclurec]

The problem is that it doesn't prevent social engineering from happening. All a developer has to do is state "this info is required for for the application" with the explicit options already selected (for the user's convenience of course) and most people will go straight to the application without reading.

[guytaur1]

I have to say thank you to the Canadian Regulatory Authorities.

The easy fix on privacy is that Facebook should have to ask permission to let applications use your personal information in first place. Not as you apply for each application but a rule that the user makes on their account.
This might force application developers to get more careful about what personal information they are able to use. After all how many applications really need an ID check for you to use them really.

[Garken]

About time, but guytaur is right, it needs to go further.