Thursday, December 06, 2007

Beacon, Apologies and Privacy on Facebook

Facebook users share a multitude of personal details on their Facebook profiles. This is not news.

So what went wrong with Beacon that created such a public outcry over privacy concerns?

Beacon was implemented by Facebook as a “Business Solution” in early November of this year. The Beacon Facebook page reads “Enable your customers to share the actions they take on your website with their Facebook friends” and provides a brief overview of the program including what it entails and how it works. It encourages businesses to sign up for the program by adding only “3 lines of code” to their website.

An explanation of how the Beacon application works (for IT junkies only) can be found here.

Approximately 60 business who signed up for Beacon, including and, were given a direct link to advertise a purchase made by a Facebook user in his or her news feed. When a user made a purchase on a Beacon user website, an “opt out” option briefly appeared at the bottom right hand of the screen. If you missed the opt out clause, as so many Facebook users did, Beacon advertised your purchase by sharing it with all your Facebook friends in you news feed.

The Washington City Paper reported one story in which a user’s “diamond ring purchase [was advertised] to hundreds of classmates, friends, and coworkers—not to mention the ring’s intended recipient, his wife].” As a result, users began to feel both an invasion of privacy and a loss of control over their information.

This prompted the petition and in response, Facebook’s change to make Beacon an “opt in” system instead of an “opt out” system. But the public outcry continued, Facebook users continued to feel betrayed by the social networking site which had built its reputation on protecting user privacy.

Then came Mark Zuckerberg’s formal apology. The apology posted on Facebook’s blog, explains that Facebook “missed the right balance” between making Beacon “lightweight” and “easily controllable”. It further states the length of time with which Facebook responded to the problem “took too long”. As a further mechanism of information control, and perhaps in an attempt to demonstrate Facebook is still committed to privacy, the apology informs users that a privacy setting has been added allowing Facebook users to turn Beacon off entirely.

But is this enough to assure users that Facebook’s once abundantly clear objectives and commitments to its users remain in tact? Or is Beacon a warning to users that Facebook’s once committed attitude to user privacy is changing?

Aside from the new Beacon development, Facebook users will have already noted the recent changes to the social development site. Ads and applications are taking up prominent space on homepages, notifications and news feeds. Facebook’s privacy policy has also been revamped. Specifically, the policy’s section relating to the sharing of information with third parties has been significantly restructured.


A user must agree to permit a Platform Application to access his or her data before an application may be downloaded. Facebook enters into an agreement with the Platform Developer which “requires them to respect [user] privacy settings and strictly limits their collection, use, and storage of [user] information”. This agreement is not available online for review,

The privacy policy quickly continues by noting that “[Facebook] of course cannot and do not guarantee that all Platform Developers will abide by such Agreements” and that further “Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers may use any personal information that they may obtain in connection with Platform Applications”.

But that’s not all, the policy further warns that “Platform Developers may require you to sign up to their own terms of service, privacy policies or other policies, which may give them additional rights or impose additional obligations on [the user]”. Any “suspected misuse” by the Platform Developers may be reported to Facebook for appropriate action.


Perhaps Facebook has been reading our posts on the ongoing usage of Facebook information in Court when they added this clause to their privacy policy:

We may be required to disclose user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We do not reveal information until we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. Additionally, we may share account or other information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Facebook service or using the Facebook name, or to prevent imminent bodily harm. This may include sharing information with other companies, lawyers, agents or government agencies
Facilitating Business:

The examples listed of methods in which Facebook facilitates business include:
· host the service at a co-location facility for servers
· send out email updates about Facebook
· remove repetitive information from our user lists
· process payments for products or services
· offer an online job application process
· provide search results or links (including sponsored links)
Facebook may provide third party sites limited access to user personal information for any of these. As with the Platform Applications, the privacy policy further provides that “Facebook implements reasonable contractual and technical protection limiting the use of the use of that information”

One of the things that has not changed on Facebook’s privacy policy is the following warning:
You post User Content (as defined in the Facebook Terms of Use) on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content.
In light of recent events, and the ever- changing Facebook, we highly encourage that all Facebook users not only familiarize themselves with Facebook’s privacy policy and review their privacy setting regularly, but that users also stay up to date on Facebook changes through the Facebook blog.

- Annie Noa Kenet, Toronto

Visit our Toronto Law Firm website:


Post a Comment