The Right to Privacy is Not a Right to Facebook

Daniel Castro April 30, 2010
April 30, 2010
Don't like Facebook's privacy policy? Then don't use it. But don't ask government to run Facebook.

Don't like Facebook's privacy policy? Then don't use it. But don't ask government to run Facebook.


On April 27, four senators—Charles Schumer (D-NY), Michael Bennet (D-CO), Mark Begich (D-AK) and Al Franken (D-MN)—sent a letter to Facebook expressing concerns about Facebook’s current privacy policy. Specifically, the authors of the letter criticize Facebook’s decision to make certain data from a user’s profile public and to allow third-party partners to use and store this data. This criticism centers around two new features Facebook debuted at its F8 Developer Conference earlier this month—instant personalization and social plugins. The first feature, instant personalization, allows certain partner sites to use data from a Facebook user’s profile to customize their online experience. For example, if a Facebook user visits Pandora, an Internet radio website, instant personalization will allow Pandora to create a custom radio station for the user based on their likes and dislikes from their Facebook profile. The second new feature, social plugins, allows developers to place a Facebook widget on their website so that visitors can “Like” a page or post comments. These interests can then be shown on a Facebook user’s news feed and users can see their friend’s activity. Both of these new features users can opt not to use.

For those who have been following the debate on online privacy, this letter should come as no surprise—countless advocacy groups have criticized companies like Facebook and Google for what they see as the erosion of user privacy online. However, contrary to what critics may say, the latest offerings from companies like Facebook and Google do not herald the end of privacy as we know it on the Internet. Instead, it reflects the natural evolution of online applications as they increasingly make use of user data to offer more personalized products and services and find ways to monetize an otherwise free service. Yet unfortunately privacy fundamentalists (e.g., those individuals and organizations who place the protection of privacy above all else, refusing to see it as one value competing against others) continue to generate headlines by raising objections to the efforts of these companies by arguing that they “violate user expectations” and “diminish user privacy.”

There are two different questions central to this debate: first, should Facebook be able to use private information to deliver products and services to its customers; and second, should any company be able to do this?

From a policy perspective, the first question is less interesting. The answer is one that will likely be settled by legal action (or the absence of it). Privacy policies exist for a reason: they tell users of a website what an organization can and cannot do with your personal data. If an organization deviates from its policy—if it uses private data for purposes that are in direct violation of is stated policy—then it can and should be held liable. Whether Facebook violated its stated privacy policy and whether it engaged in unfair and deceptive business practices is something that the FTC and other nations’ consumer protection agencies will have to decide.

The second question—should organizations be able to use private data for new types of products and services—is the more interesting question. Privacy fundamentalist routinely argue that consumers have an expectation of privacy regardless of what the privacy policy states and that when organizations use personal data, for example to recommend music or supply targeted advertising, they have violated this expectation of privacy. They argue that privacy policies are too difficult for consumers to decipher or that consumers do not read them and so government regulation is needed. It is this misguided notion, that consumer preference (or rather the preference of privacy fundamentalists) trumps business prerogative, that is central to the arguments made by privacy fundamentalists when calling for government to intrude on the business decisions of the private sector.

Yet even if you accept the premise that consumers had an expectation of privacy, the last few years of debate over online privacy should make it clear to even the most casual user that this is no longer true. Many Internet companies clearly intend to continue to find innovative ways to use personal data to deliver products and services to their customers. While Facebook CEO Mark Zuckerberg may or may not “believe in privacy”, it is clear that Facebook thinks that companies should respond to changing social norms on privacy and that the overall trend is towards more sharing and openness of personal data. So going forward, no Facebook user (or privacy fundamentalist) can continue to use the service without admitting that the benefits of using the website outweigh any reservation the user has about sharing his or her personal data. As the saying goes, “Fool me once, shame on you. Fool me twice, shame on me.”

Certainly some users may still object to this tradeoff. But if you don’t like it, don’t use it. Facebook is neither a right nor a necessity. Moreover, it is a free tool that individuals can use in exchange for online advertising. In fact, one high-profile Facebook user, the German Consumer Protection Minister Ilse Aigner, has already threatened to close down her Facebook profile in protest of Facebook’s new privacy policies. Users that feel this way about Facebook’s changes should vote with their mouse and click their way to greener pastures. Companies respond to market forces and consumer demands, and if enough users object to the privacy policy of Facebook, these individuals should be able to find a start-up willing to provide a privacy-rich social networking experience.

Even Facebook responds to public opinion and consumer pressure. In December, Facebook modified its privacy settings so that certain information including friends list, gender, city, and profile photo, would be public information. In response to complaints from some users, Facebook modified its interface to give users more control over the privacy of different types of information. Neither was this the first time that Facebook revised its policies in response to consumer behavior. In 2006, Facebook altered its policy regarding its “news feed” feature that updates users about their friends’ activities.

This is not to say that online privacy is not a topic worthy of government oversight and legislative action. As ITIF has argued, existing protections for individuals from laws such as the Electronic Communications Privacy Act (ECPA) are woefully outdated and in need of reform. Citizens should have a right to privacy for their electronic data and safeguards should be the same regardless of whether data is stored at home on a PC or remotely in the cloud.

So the next time Facebook changes its privacy policy, let’s not act like this is a national emergency. Companies do things that the some members of the public do not like all the time. When Coca-Cola introduced New Coke, we did not need the U.S. Senate to step in to right this wrong, and neither do consumers need government to police every feature or policy tweak that websites make.