By Don Tapscott
The views expressed are his own.
No doubt executives at Facebook are licking their wounds about the tough sanctions imposed on the company by the Federal Trade Commission last month. The social media juggernaut must now re-architect its systems and policies to protect privacy. It’s likely the bankers preparing Facebook’s imminent IPO are feeling the pain, too.
But the FTC many have unwittingly saved the company. Privacy was Facebook’s Achilles heel and over the years they have continually got it wrong. Now the FTC is forcing them to get it right. The lessons learned by Facebook apply to all companies, not just social media web sites.
The FTC said that Facebook “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.” Facebook didn’t warn users that this would be happening. The company also claimed that detailed user information would not be shared with advertisers, when they were doing exactly that. And when users left the service, Facebook said their information and photos would be removed when actually this information was still available.
As a pioneering social media company, Facebook is continually venturing into uncharted waters. Before Facebook arrived, few would have predicted that hundreds of millions of people would voluntarily log on to the Internet and record detailed almost minute-by-minute data about themselves, their activities, their likes and dislikes, and so on. The degree of detail that Facebook knows about its users is unprecedented.
Why has Facebook continually botched the privacy issue? Most think that this treasure chest of information has motivated Facebook executives to collect and monetize every scrap of data they can, even if that means undermining the privacy of its members. But there may be a deeper cultural reason. In the book The Facebook Effect, David Kirkpatrick explains that some Facebook executives think transparency is not just an opportunity for companies and other institutions to disclose pertinent information about themselves (the very definition of transparency). They believe it’s an opportunity for individuals to do so as well.
The Facebook founders believe that “more visibility makes us better people,” according to Kirkpatrick. Some claim, for example, that because of Facebook, young people today have a harder time cheating on their boyfriends or girlfriends. They also say that more transparency should make for a more tolerant society in which people eventually accept that everybody sometimes does bad or embarrassing things.”
Some at Facebook refer to this as Radical Transparency — a term initially used to talk about institutions, and now being adapted to individuals. “Our mission since Day 1 has been to make society more open” says Dave Morin, one of Mark Zuckerberg’s inner circle. In other words, everyone should have just one identity, whether at their workplace or in their personal life.
If true, this is naïve, misguided and dangerous. Transparency applies to organizations, not people. Organizations are increasingly obliged to communicate pertinent information to their customers, shareholders, business partners and so on. This is not the case for individuals. Indeed, individual privacy is the foundation of a free society and individuals have an obligation to themselves to safeguard their personal information. And institutions should be transparent about what they do with our personal information.
“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” said FTC chairman Jon Leibowitz. “Facebook’s innovation does not have to come at the expense of consumer privacy.”
Given the company’s privacy-hostile DNA, it was only a matter of time before users started catching on and abandoning the company in droves. Thus, the FTC’s sanctions may have unwittingly helped the company survive. According to the proposed FTC settlement, Facebook is barred from making misrepresentations about the privacy or security of consumers’ personal information. It is required to obtain consumers’ affirmative consent before enacting changes that override their privacy preferences, and required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account.
In addition, the company is required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and Facebook is required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
On his blog, Facebook CEO Mark Zuckerberg wrote that the FTC settlement “means we’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing — giving you tools to control who can see your information and then making sure only those people you intend can see it.”
Safeguarding privacy should be a fundamental element of all social media, not something tacked on as an afterthought. As Ontario’s Information and Privacy Commissioner Ann Cavoukian says: “It’s all about being proactive and embedding the necessary protections into the design of your systems. By doing so, you can prevent the privacy harm from arising, thereby avoiding the costs associated with data breaches.”
Cavoukian advocates Privacy by Design, a concept that has been embraced by privacy advocates around the world. Privacy by Design is about proactively embedding privacy into the design of technology and business practices, ideally as the default setting. It also emphasizes data minimization. A company should not collect, use or retain more personally identifiable data than it actually needs. This practice lowers the risk the risk of encountering data breaches, identity theft, and so on.
The lesson here is that companies need to protect the privacy of their customers and everyone else by designing it into the core of their business modus operandi. Not everyone can count on the FTC to be their BFF.
PHOTO: Facebook founder and CEO Mark Zuckerberg speaks to reporters at Harvard University in Cambridge, Massachusetts November 7, 2011. REUTERS/Brian Snyder