Facebook will enhance its social-networking site's privacy features over the next 12 months as a result of a set of recommendations from the Canadian government.
Facebook will increase the information it provides to its users about its privacy features, as well as make technical changes to tighten privacy controls, the company said Thursday.
The changes come as a direct result of a review of Facebook's privacy policies and controls conducted by the Office of the Privacy Commissioner of Canada. Facebook cooperated with the Canadian agency's study, which lasted more than a year.
For the tens of thousands of third-party applications built for the Facebook platform, Facebook will begin to require that they comply with a new set of permissions, specifying the types of information they want to access. "Express consent" from end users will also be required before their data and their friends' data is made available to external applications.
In a separate statement issued by her office, Privacy Commissioner of Canada Jennifer Stoddart said the changes to privacy policies and practices that Facebook has agreed to make will bring it into compliance with Canadian law.
"We're very pleased Facebook has been responsive to our recommendations," she said in the statement.
The Canadian agency's biggest concern has been what it called application developers' "virtually unrestricted access to Facebook users' personal information."
The new privacy requirements for third-party applications will take about a year to implement because they involve changes to the Facebook platform's API (application programming interface) and to the applications themselves. It will be interesting to see how Facebook developers react to the news that they will have to re-tool their applications to comply with these stricter privacy controls.
In a blog posting for its developer community, Facebook official Ethan Beard didn't sugar-coat the implications of the changes to the API.
"We have committed to making these enhancements over the next twelve months, and anticipate a lengthy beta period including opportunities for you to provide input, multiple blog posts, and updated documentation delivered well ahead of time. Understanding that this will likely require modifications to your code base, we want to give you the earliest heads up that these enhancements are on our road map," Beard wrote.
Ultimately, the goal is to make Facebook members better informed about how applications use their data, and to give them more control. "This should result in better informed users who are more eager to engage with applications on Facebook," he wrote.
Caroline Dangson, an IDC analyst, calls this move an important one because end-users usually don't distinguish between Facebook and its third-party applications. "This means that if users feel their privacy is breached by an application, Facebook will still get the blame," she said via e-mail.
Until now, end-users have had granular privacy options on Facebook itself, but not so much when it comes to the third-party applications, she said. "Information shared with third-party applications has remained too vague," Dangson said.
For Al Hilwa, another IDC analyst, privacy is a critical area in the maturation of the Internet, and bad privacy policies at the API level can lead to a multiplication of these types of problems.
This is why, in order to gain lasting trust from end-users, social-networking sites need to tighten up APIs and police their third-party applications, he said via e-mail.
"APIs amplify any privacy imperfections of a social network site by multiplying the problem to the extent that developers adopt them," Hilwa said.
The social networking industry has so far taken a cavalier and casual attitude toward privacy, often arguing that the younger generations are more relaxed about online privacy, Hilwa said. This is a mistake, he said.
"Privacy is an enduring value and becomes more critical and consequential with the proliferation of information in the information age. Younger generations place lower values on a lot of things but change their mind as they grow up -- that's probably the more durable pattern," he said.
In July, Facebook announced plans to simplify its privacy features, saying that they have become too numerous and complicated for end users to understand and apply.
Under pressure from Twitter, Facebook is also in the process of adding less restrictive privacy settings for end users who want to make their profiles, or at least portions of it, more public and thus more widely available to others on and off Facebook.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.