Out-Law News 2 min. read
02 Nov 2009, 9:11 am
The site wants its users to review and comment on the policy ahead of its adoption. Facebook said that when the seven-day comment period ends on Thursday it will "review your feedback and update you on our next steps".
Canada's Privacy Commissioner said earlier this year that Facebook's privacy policies and practices broke its privacy laws. Facebook vowed to change its policies and make them clearer. Facebook acknowledged that its new policy was designed to meet the Canadian Commissioner's demands.
"In this revision, we're fulfilling our commitment to the Privacy Commissioner of Canada to update our privacy policy to better describe a number of practices," said Facebook communications and public policy executive Elliot Schrage in a statement.
"Specifically, we've included sections that further explain the privacy setting you can choose to make your content viewable by everyone, the difference between deactivating and deleting your account and the process of memorializing an account once we've received a report that the account holder is deceased," he said.
The policy is unusual in that it is the result of an attempt to write in plain English rather than the legalistic jargon often employed in website privacy policies and lists of terms and conditions of use.
"This is the next step in our ongoing effort to run Facebook in an open and transparent way. In April, we launched a new system of governance for the Facebook site and became the first company to our knowledge that invites users to both comment and vote on proposed changes to its governing policies," said Schrage. "Our primary goals remain transparency and readability, which is why we've used plain language and included numerous examples to help illustrate our points."
The policy governs how Facebook uses the enormous amount of users' personal information that passes through the service. It outlines how users can control the visibility of personal information and tells them of the limitations of that control. Information posted or sent to other users, for example, are out of their control and are governed by the other user's privacy settings.
The policy also governs the use of personal information in the advertising that appears on the site. It makes it clear that even the personal information which a user has chosen to hide can be used as the basis of targeted advertising.
"We allow advertisers to choose the characteristics of users who will see their advertisements and we may use any of the non-personally identifiable attributes we have collected (including information you may have decided not to show to other users, such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for those advertisements," says the policy.
"For example, we might use your interest in soccer to show you ads for soccer equipment, but we do not tell the soccer equipment company who you are. You can see the criteria advertisers may select by visiting our advertising page. Even though we do not share your information with advertisers without your consent, when you click on or otherwise interact with an advertisement there is a possibility that the advertiser may place a cookie in your browser and note that it meets the criteria they selected," it says.
As online services have become more personalised and social networking has grown, privacy policies which govern what a company does with personal data have become more important. But at the same time they have become more lengthy and complex, with the average length now 2,500 words, according to research published last year.
Web standards body the World Wide Web Consortium (W3C) attempted to automate privacy preferences but that project was dropped in 2007 when browser manufacturers failed to back it, W3C's Rigo Wenning recently told podcast OUT-LAW Radio.
