Facebook Promises Stronger Privacy Controls

Developers who create Facebook applications will have to get explicit permission to use personal information from Facebook users.
In a move that may instill a sense of deja vu, Facebook plans to add new privacy protections for its users.

The last time Facebook enhanced user privacy protection was in July, when chief privacy officer Chris Kelly said that Facebook was the process of simplifying and standardizing its privacy settings.

Last year, under pressure from various state Attorneys General, Facebook committed to privacy changes to protect young people using the service. Kelly promised "to continue improving our technology and policy solutions to keep kids safer on Facebook."

However, the safety of minors on social networking sites remains an issue. Last week, for instance, the FBI arrested a 28-year-old man in Orange County, Calif., for allegedly attempting to use social networking sites, including Facebook and MySpace, in conjunction with e-mail and text messages, to lure underage girls for sex.

In 2007, in response to an investigation by New York State Attorney General Andrew Cuomo, Facebook agreed "to develop sophisticated safety technology and offer users extensive privacy controls so they can make their information available only to the people they choose," as Kelly put it at the time.

Despite such efforts, Facebook continues to draw flak from privacy advocates. On Wednesday, the ACLU of Northern California posted a Facebook quiz application to show how much information can be exposed by participating in the social networking site's quizzes. In a statement, Chris Conley, technology and civil liberties fellow at the ACLU of Northern California, urged Facebook to make its privacy controls stronger and more effective.

Facebook's announcement on Thursday follows an investigation led by Canada's Privacy Commissioner, Jennifer Stoddart, who said the changes Facebook has agreed to implement will better protect the privacy of Facebook's 200 million users in Canada and around the globe.

In prepared remarks presented at a press conference in Ottawa, Ontario, Stoddart said that one of the biggest concerns arising from her investigation was "the over-sharing of users' personal information with third-party developers who create popular Facebook applications such as games and quizzes."

Facebook, she said, has agreed to prevent developers of Facebook applications from accessing user personal information unless explicit consent has been granted.

Facebook also agreed to clarify the distinction between account deactivation and account deletion, to protect the privacy of non-users invited to join the site, and to explain in its privacy policy that it may retain deceased users Facebook profiles as a memorial for friends.

"Giving people more control over what information they share and with whom is at the heart of how we think about privacy at Facebook," said Tim Sparapani, director of public policy at Facebook, in an online post. "As people better understand how information is shared and gain more control over it, they become more comfortable and confident in sharing -- whether it be photos of a vacation or a status update about how they're feeling today."

Comfort and confidence, however, may not always be a good idea. In July, San Francisco Bay Area videographer Matt Chapman reported being robbed and suspects that his posts about his travel plans on Twitter and Facebook may have led to the break-in during his absence.

InformationWeek has published an in-depth report on smartphone security. Download the report here (registration required).