These privacy policies are intended to help organisations comply with data protection law by informing users how personal information is collected, stored and used. That is the theory but the recent amendments by major social networks highlight in reality how uninformed social network users are about what networks do with personal information.
Since Facebook opened itself to the public in 2006, a level of comfort has emerged among social media members with sharing personal details of their lives with friends, family and the world at large. Obviously, where members post content publically they accept it is freely available for anyone to access. But where content is uploaded with the intention that it should remain private or semi-private, what should be the limits on the use of that content by that social network?
This question has been increasingly asked by regulatory bodies and the media. The Irish Data Protection Commissioner’s audit of Facebook last year attracted widespread media attention and pushed privacy issues into the headlines.
On its website, the CNIL notes it considers it “impossible to know Google’s processing of personal data, as well as the links between collected data, purposes and recipients”.
In a blog post on 11 May, the Facebook Site Governance set out changes to the Data Use Policy. This included changes to the data retention provisions of the policy to allow members’ information collected by advertisers to be kept for longer than the previous time limit of 180 days. Also, Facebook clarified that it may show any kind of advertising to members who are off-site.
A second blog post was posted on 31 May by the Facebook Site Governance. It outlined administrative amendments to the SRR to reflect new features on the Facebook site, including the Facebook Timeline. Facebook has asked members to vote on the changes and will announce the result today.
The updates include a new section on how Twitter tailors content and specify that Twitter can use members’ contact information to help third-party services, client applications and others find Twitter accounts.
The policy also sets out that Twitter supports the ‘Do Not Track’ browser settings, which prevent the collection of information used to tailor Twitter suggestions based on a user’s browsing of sites that have integrated Twitter buttons or widgets.
The changes were set out in a clear email to members that highlighted the main changes to the policy. It also linked to a larger section explaining the new tailored suggestion feature that clearly shows users how to opt-out. The changes appear to reflect a genuine effort to inform members of how their personal data is used.
LinkedIn hit the headlines last week for its mobile calendar feature. This opt-in feature syncs LinkedIn with a smartphone’s calendar to gather information about event entries and send these to LinkedIn’s servers. This caused confusion among members and forced LinkedIn to write a blog post explaining what the feature actually does.
Also, some social networking platforms, particularly Twitter, should be applauded for making changes without a direct regulatory push. The fact that notice of its updated policy was communicated so clearly to members shows a commitment to member privacy.
Hopefully, other social networks take note of Twitter’s approach. If they plan to be truly socially responsible when it comes to user privacy their policies should be communicated to members through more easily digestible methods, like videos or infographics, rather than wordy amendment documents or blog posts.
By Lisa Jackson
Lisa Jackson is an ICT solicitor with Leman Solicitors. Follow her on Twitter.