After a number of protests and reports on Facebook’s blatant violation of user privacy, Facebook is finally being forced to change. One of their biggest mandatory changes is due to an audit by the DPC (Data Protection Commissioner) from Ireland. In order to comply with the recommendations in the 149 page audit Facebook is making a total of 45 different changes that will be implemented in 2012.
So what are these changes going to entail?
Well, most of the changes Facebook is going to make will deal with how Facebook handles and retains user data. On top of that, Facebook will also ensure that it is educating its users more thoroughly on how Facebook will be storing their data. Unfortunately for Facebook several of their new changes will require a significant amount of technical work (undoubtedly why their due date is a bit later).
A good thing for Facebook is that they did get away with allowing ad businesses to continue to provide targeted ads based on user’s personal data without having to require users to opt-in to this. Another feature they retained was their facial recognition feature.
So what changes is Facebook going to make? Well, let’s highlight some of the major ones below.
– Restrict how much data social plugins can access as well as instruct users on how their data will be used and retained
– Delete personal data after the original purpose for it has been fulfilled
– Delete all social plugin information after 90 days
– Make all ad clicks anonymous after two years
– Work on better ways to ensure developers aren’t abusing user data
– Add more information to Facebook’s Data Use Policy for their credits
– And much much more.
The list of changes Facebook is going to make should (mostly) be completed by early 2012 with a few lagging behind until the fourth quarter next year. Additionally some of the “recommendations” the Data Protection Commissioner requested were not actually something Facebook could complete by a certain date – rather them continuously educating, expanding, and maintaining certain features.
While the DPC’s massive list was mostly on the changes Facebook needed to make, they did take the time to congratulate Facebook on a few of their current features:
– Third party apps are unable to gain access to Facebook user’s information without the users consent
– Facebook employees only gain user information when it is necessary
– Facebook makes it readily available for its users to report abuse
– Pseudonymous account disability is justified
– Data harvesting via screen-scraping is protected against
Facebook clearly has a LONG way to go before its user’s privacy is adequately protected from unwanted solicitation and use. While many of these implementations are great, they are far overdue. It is evident that Facebook will continue to push boundaries until they are told no. When they are reprimanded they simply apologize, fix only a little bit, then try new methods of exploiting information for profit.
Let’s see how long Facebook can go without another reprimand due to privacy concerns/violations!