Case Studies
Facebook’s “Unfriendly” Privacy
Policies
Facebook CEO, Marc Zuckerberg, couldn’t
quite believe all the attention he was getting.
Facebook was on the verge of its initial
public offering (IPO), and it seemed that the
media couldn’t get enough of this Cinderella
story. Zuckerberg had created a primitive
version of the social media application in his
Harvard dorm room. Thanks to its immediate
popularity, he commercialized this product
and founded Facebook, a pioneer in social
networking. There were 1.4 billion active
users on Facebook and the company’s
revenue exceeded $12 billion. As
Zuckerberg traveled around the country to
promote the IPO, the press followed him
everywhere. The Facebook IPO took place
on May 18, 2012, making many of its brash
and talented managers instant millionaires
by the end of 2014. Since the IPO,
Facebook’s user base has expanded to 2.7
billion. It has also grown by making strategic
acquisitions including WhatsApp and
Instagram.
Most people at the social network company
welcomed the publicity and attention
surrounding the IPO. But over the years
Facebook has attracted negative publicity
and unwelcome attention for its controversial
privacy policies. Facebook has had to deal
with several embarrassing missteps as it
struggles to reconcile user privacy with an
open network. The company’s policies have
been the object of scrutiny by the U.S.
Federal Trade Commission, which has
investigated a number of privacy-related
complaints. Problems arise from Facebook’s
business model: collect voluminous
information about the user base so that
advertisers can target Facebook users with
more precision. This case reviews some of
Facebook’s most contentious privacy
policies and disputes.
Facebook first caught the attention of privacy
advocates in 2007, when it implemented a
technology known as the “News Feed.” This
feature was designed to display in real time
changes a person makes to her user profile
on the home pages of all of her online
friends. A Facebook user like Sally no longer
had to visit the pages of all her friends to see
updates since those updates were now
57
automatically shared in a stream of data
appearing on Sally’s homepage. To the
surprise of the company, users initially
balked at this innovation and Facebook had
to abandon this default feature, but it has
now become the “most valuable billboard on
earth.”
In that same year, Facebook launched an illfated venture known as the Beacon
program, a new way to “socially distribute
information.” Thanks to Beacon, advertisers
and web merchants could track user
purchases across the internet. A Facebook
user’s purchase on a website (such as
Amazon) was disclosed to his or her network
of friends as soon as the purchase was
made. This information was conveyed
without the user’s knowledge or consent.
The Facebook community protested the
online tracking along with the immediate
disclosure of these aspects of their personal
history. As resistance mounted, Facebook
abruptly ended the program.
In 2010, Facebook once again shocked
many of its users by suddenly changing its
privacy settings. In its early years, Facebook
shared most profile fields only with friends
58
59
and friends of friends. But the policy was
modified so that information that was once
private such as one’s profile picture, name,
gender, address, professional networks, and
so forth, became publicly available by default
to everyone online. As one observer noted,
Facebook changed the defaults to more
efficiently monetize customer information
and because the company “appreciated its
power.” Facebook’s decision to make
previously confidential information “publicly
available” was reversed thanks to public
protest, and users now have the capability to
control access to most of their personal
information.
Despite these and other problems,
Zuckerberg insisted in 2010 that privacy was
no longer a “social norm.” There was an
expectation that people wanted to be more
open about their lives and activities.
Zuckerberg and other Facebook executives
remained convinced that the social media
company’s innovations were ahead of the
convictions of its user base and not in
opposition to them.
In order to expand its revenues the
corporation decided to open its platform to
60
61
outside developers. Programmers could
build Facebook games, develop personality
tests, or construct other apps. These
programs were offered to users for free in
exchange for information. For a few years
the Facebook developer platform hosted
several popular games including Farmville
and Candy Crush. Facebook customers
agreed to give these game developers
access to their data in exchange for playing
these games. However, there were no
protections for the reuse of these data
collected by the developers. Algorithms were
extracting items such as users’ messages
and photographs. One game developer used
Facebook data to construct unauthorized
profiles of children on its own website.
Facebook had allowed for the sharing of its
customer data without a system to prevent
any abuses.
In 2009, Facebook introduced a remarkable
innovation which it called the “Like” button.
The famous plug-in was a matter of internal
debate among Facebook executives for
some time. But they gradually realized that
this simple button could “transform the
platform from a book into a blizzard of
mirrors.” The more things a user liked, the
62
more she revealed about herself, her
preferences, interests, and aspirations.
Facebook now knew what their users “liked”
along with their friends and relationships.
This data gold mine allowed advertisers to
target those Facebook users with even
greater precision.
Facebook’s tracking of its users across the
internet had begun in 2010 with the help of
the Like button. At first, Facebook denied
that it was tracking users as they surfed the
web. But by 2014 internet tracking was an
established corporate policy and part of the
contract between Facebook and its users.
Facebook collects data on its users’ internet
browsing even when they are no longer
logged into their Facebook accounts. This
happens by means of a small piece of
technology known as the “datr” cookie that
Facebook deposits in each user’s web
browser (once they log on to
Facebook.com). The datr cookie informs
Facebook whenever that browser visits a
website with an active social plug-in, such as
the “like” button. This tracking of website
activities and purchases allows Facebook to
build a more detailed profile of their users as
the basis for more personal ads. Users are
63
informed of the tracking (in the dense termsof-service agreement), but they do not have
the option to opt out of this practice, which
has riled European authorities. They claim
that Facebook has unfairly leveraged its
power to collect data on the activities of
Facebook users on those third-party sites
that use tools such as the “like” button.
It remains to be seen whether Facebook can
successfully fend off regulators in Europe
and the United States and live up to the
expectations of its investors, who expect the
company to continue leveraging the
commercial value of the information it
collects. Facebook became a social media
behemoth by collecting user data when there
were few privacy restrictions. There are now
stricter laws in Europe, and if similar laws
minimizing data collection are enacted in
other countries, Facebook may be able to
crush would be competitors who want to
challenge Facebook using the same
business model that made Zuckerberg’s
company so successful.
Questions
- Which of Facebook’s past or present
privacy policies do you find to be the
64
65
most troubling? Which ones are not a
“big deal” in your estimation? - Should social media sites like Facebook
be subject to more regulations to ensure
the preservation of privacy rights? - Do you agree with Zuckerberg’s claim
that privacy isn’t an important social
norm anymore?
