Like it or not, Facebook has become a fact of life. Many of us depend on the service to share our interests and life events with our friends. In my experience, Facebook membership is hard to resist (peer pressure), and even harder to give up once you get hooked.
Though Facebook is a private business that can (within the limits of the law) do business any way it pleases, a mass user exodus over privacy issues and business practices would arguably be bad for both Facebook and Facebook users.
1. Let me know what I'm getting into (or out of). Facebook provides me with a valuable free service in exchange for giving it the opportunity to make money off of my demographic and preference data. For many users this is a completely fair bargain, but Facebook should be obligated to explain the terms of the bargain clearly to current and prospective users, giving them the opportunity to delete--or decline to create--a Facebook account.
Facebook often introduces new policies and features by touting their supposed benefits to users, while neglecting to mention how the changes might also make more user data public and generate more money for Facebook. As a matter of fundamental fairness, when it introduces a new feature or policy (such as Instant Personalization) that might expose more of my data to more people, Facebook must explain both the benefit to me and the benefit to Facebook.
2. Tell me what I'm broadcasting to the world. Facebook should devise a system that will enable me to immediately ascertain the privacy level of each piece of demographic, interest, preference, or comment data I post at the site.
3. Let me opt in to sharing my data; don't make me opt out of it. When I add new information about myself in Facebook (my NRA membership, say, or my recent interest in baby clothes), this information typically becomes viewable to everyone on Facebook--including to people who find my profile by using a search engine. Currently I'm expected to locate and adjust the appropriate privacy setting to make that information private. But the default for most such data should be no sharing.
While I accept that some of my personal details--such as my name, photo, gender, connections, and user ID number--must be made public in order for me to participate in Facebook, all other data I choose to post on Facebook should be available to no one but me and my friends, unless I say otherwise.
4. Make privacy settings simple. I should not have to dig through layers and layers of complicated privacy settings to make sure that only my friends can see my personal data. Privacy settings should simple enough that my mother could set the privacy levels on all her data to the specifications she wants in 10 minutes. Unfortunately, as a seller of users' posted information, Facebook clearly has a monetary interest in keeping as much of that data as possible "public"--and it sometimes seems as though the company has deliberately made its privacy settings complicated to discourage users from locating and shielding all of the data types that they wish to mark "private."
5. Give me more control over photos. Facebook must obtain my permission before allowing another user to tag me in a photo. As it works now, I have the right to remove tags that others use to identify me by name in a photo, but I don't have the right to approve (or reject) the tag before it appears. If a photo casts me in an unfavorable or embarrassing light, many people inside and outside Facebook (tags are searchable) may see the image before I discover it and remove the tag. Merely giving me the opportunity to remove the tag after the fact doesn't give me enough control over my privacy; I deserve the right to approve all photo tags of me before they appear. On a related note, I should own the photos I post at Facebook; they should never become the property of Facebook.
6. Tell me what data I'm sharing with apps. One of the ways Facebook makes money is through profit-sharing agreements with developers who offer "apps" at Facebook. When Facebook offers to add an app (like "Mafia Wars" or "Farmville") to a user's account, it says only that the app may "pull your profile information, photos, your friends' info, and other content that it requires to work." This is far too vague a description of what the app is designed to do. Facebook, with the cooperation of the app maker, must tell me exactly what elements of my information the app will access.
7. What happens in Facebook should stay in Facebook. None of the contacts, friends, tags, and connections I post or create at Facebook, and none of my media uploads (photos, music, videos, and so on), should be indexable by search engines without my express permission. I joined Facebook to share information with my friends or with the wider Facebook community--not with just anybody on the Web.
8. Don't surprise me. Facebook must give me (and all other users) 14 days advance notice when any significant change to its data management policies is imminent. Facebook must also directly and immediately notify us of bugs or mishaps and must advise us if data it holds may have been leaked or lost.
10. Give me the right to quit and leave nothing behind. If I decide to cancel my Facebook account, Facebook must find and delete ALL of the personal information and media I have posted to its servers--immediately.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.