Thursday, February 19, 2009

Facebook U-Turn on New Terms and Conditions

Following Facebook's recent climbdown on their change of terms & conditions to continue claiming a license to use and publish user data even after users delete their profile, here's a few comments from me in New Scientist.

As I said to the interviewer but which failed to get quoted, the real interest in this little storm in a digital tea cup has been in demonstrating what lawyers know but users rarely think of, namely that Facebook can change their terms any time they damn well like, to be more - or usually less - privacy-friendly.

At the moment, FB's privacy policy declares that users only consent to the sharing of their data with advertisers and marketers in anonymised or aggregated form - but there is no reason why that can't change any day to FB selling full details of user's personal data. And given the downturn in the advertising fortunes of web 2.0, and the fact that Facebook anecdotally still makes almost no money despite its huge userbase and is worth far less than was once thought, can that day be far away?

Ownership of personal data and control over user's own generated content are issue that could well be regulated by model clauses in the current boom in Codes of Practice for social networking sites: instead unsurprisingly they tend to concentrate on kiddy safety - see eg the latest EC effort in this direction. THe proposals do however include the useful provision that the profiles of all users under 18 should be set to "friends only" by default. (This ignores the need for protection of adult privacy though.)

In any case, even sales of aggregate anonymised data now pose a danger to privacy which current DP law wholly fails to notice. At the recent Information Security Best Practices conference 2009 run by Wharton College, Pennsylvania, several security expert speakers in te Data Mining and Privacy panel emphasised the improvements in deriving personal data from aggregate data. The bottom line appears to be that anonymised data as a concept is heading for extinction. Interesting times.

(And despite all this Pangloss is still on FB, albeit behind a lot of privacy locks. Do as I say not as I do, kiddoes.)

Schedule update:

24 February , PLC seminar: "Social Networking Sites, Privacy and Other Legal Aspects", sold out but contact for cancellations.

4 March , Aberdeen University Law Faculty, "Phishing In A Cyber Credit Crunch World".

18-20 March, WSRI Web Science Conference, Athens, chairing panel on "“What can Web Science Do for the Privacy of Data Subjects?: Law, Privacy and Data Retention in a Post 9/11 World”

23 March, London, attending Privacy Value Network Advisory Board.

30-31 March: speaking at SCRIPT-ed Governance of New Technologies Conference, Edinburgh

22-23 April: speaking at BILETA 2009 - The 24th Annual Conference, Winchester

That'll do for now:)

No comments: