The Electronic Privacy Information Center and 14 other consumer protection groups lodged a formal complaint against Facebook with the Federal Trade Commission on Wednesday. The groups take issue with Facebook's privacy policies and accuse the site of unfair and deceptive trade practices that "violate user expectations, diminish user privacy, and contradict Facebook's own representations."
At issue are Facebook's Instant Personalization feature; the inability of Facebook users to make the 'Likes and Interests' section of their profile private; and the fact that Facebook discloses user profile information in certain ways even if a user has elected to keep that information private.
The complaint asks the FTC to order Facebook to "restore privacy settings that were previously available...give users meaningful control over personal information, and seek other appropriate injunctive and compensatory relief."
Here's a quick look at the three main points of contention contained in the FTC complaint:
A new service unveiled by Facebook in April allows select Facebook partners to automatically tailor Web site visits to your personal tastes when signed into Facebook. The new feature, called Instant Personalization, is currently available only on Yelp, Pandora, and Microsoft's new document sharing site, Docs.com. Whenever you visit Pandora, for example, the site can automatically grab your music preferences from the 'Likes and Interests' section of your Facebook profile. Pandora can then show you music selections it thinks you might like, and all of this happens without any action on your part.
On the one hand, this is a great way for services to cater to your tastes and preferences. The problem is, the FTC complaint argues, Instant Personalization discloses this information "without first obtaining users' consent." Even though Facebook provided users with large notifications about the new Instant Personalization when the service launched, the social network automatically turned on the new feature for all users when Instant Personalization launched. Facebook has since moved to an opt-in instead of an opt-out model for Instant Personalization, according to EPIC.
Facebook has also made it difficult to block Instant Personalization if a user doesn't want to use the new feature. Even if a user opts out of Instant Personalization, their information can still be "disclosed to third-party sites through the user's friends who have not disabled Instant Personalization." To completely stop Instant Personalization from accessing your information through a friend's profile, you have to visit the Facebook page for every Instant Personalization site and click the 'Block application' link. As I argued in April, this policy places an unfair burden on the user, especially if Facebook expands the Instant Personalization service from just three partners to include hundreds of sites.
The FTC complaint accuses Facebook of concealing a "users' ability to fully disable Instant Personalization" through the social network's 'block application' process. The complaint also points out that "Facebook has so effectively concealed the process of disabling Instant Personalization that many outside articles have been devoted to guiding users through the process." PCWorld has devoted many articles to privacy concerns over Facebook's new features some of which you can find here, here, here, and here.
Likes and Interests Go PublicRecent revisions to Facebook's privacy policies reclassified your profile information as connections, which includes your friends, likes, and interests, and may also mean current city, hometown, family, relationships, networks, activities, interests, and places.
Connections are now made publicly available by default. EPIC and the other privacy groups are concerned about this policy since most users signed up for Facebook with the understanding that some of this reclassified information would not be made public. The complaint also takes issue with the fact that 'Likes and Interests' are no longer plain text entries, but are linked with outside pages and pages within Facebook.
This means that while a user can elect to hide their likes and interests from other Facebook users, that information is still publicly available on "friends' pages, community pages, and to third-party Web sites."
This disclosure of previously private information leads to what may be the most damning and inflammatory accusation in the complaint against Facebook. The privacy groups argue that Facebook's "privacy settings are designed to confuse users and to frustrate attempts to limit the public disclosure of personal information that many Facebook users choose to share only with family and friends."
EPIC's Privacy Coalition
Joining EPIC in its complaint against Facebook are the Bill of Rights Defense Committee, Center for Digital Democracy, Center for Financial Privacy and Human Rights, Center for Media and Democracy, Consumer Federation of America, Consumer Task Force for Automotive Issues, Consumer Watchdog, Foolproof Initiative, Patient Privacy Rights, Privacy Activism, Privacy Journal, Privacy Rights Clearing House, United States Bill of Rights Foundation, and U.S. PIRG.
This is not the first time EPIC has led the charge against Facebook. In 2009, Facebook reversed a decision to change its privacy policies after EPIC threatened to file a complaint with the FTC. The policy change led to a new user-oriented policy to govern changes to Facebook's privacy policies and terms of service.
Since then, Facebook has garnered controversy over public statements made about privacy, and new features added to Facebook's massive social network. Earlier on Wednesday, Facebook had to briefly shut down its instant messaging service after it was discovered that a software bug allowed users to view their Facebook friends' private chats. Also on Wednesday, PCWorld reported that Facebook applications could be added to your Facebook profile without the your knowledge.
If you'd like to read the entire complaint made against Facebook to the FTC, you can find it here (PDF).
Connect with Ian on Twitter (@ianpaul).
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.