Ann Cavoukian wants Facebook Inc. to set its defaults toprivate and provide a simple set of instructions for how users can protecttheir privacy.
Speaking on a panel discussion about privacy and Facebook at the MeshConference in Toronto this week, Ontario’s privacy commissioner recalled herearly work with Facebook’s former chief privacy officer Chris Kelly when thesocial networking site was just starting to circulate among the college crowd.
“In the past, I think they had an interest in portraying totheir users that you could restrict the amount of information you wanted todisclose … it’s a different world now,” she said.
Cavoukian’s office has been flooded with concerns ever sinceFacebook overhauled its privacy settings in December 2009. “What upset peopledramatically, myself included, was when the settings were changed,” she said.
The default settings are now set to public, she said.“That’s my problem right now. I don’t want the default to be public – everybodygets to see everything unless I go in and ‘un-default’ it,” she said.
A New York Times article recently charted out Facebook’sprivacy settings and found 50 settings and over 170 options for managingprivacy, she said. The chart also points out that at 5,830 words, Facebook’sprivacy policy is longer than the 4,543-word count of the United StatesConstitution.
Another problem is that it is just too complicated, saidCavoukian. People don’t have time to read privacy policies that are longer thanthe U.S. Constitution, she said.
Cavoukian advocates the use of “short notices,” a conceptdeveloped by the privacy commissioner’s office several years ago thatsimplifies and condenses privacy policies for end users.
“That would be my message to Facebook — simplify what youare offering. Explain to people, in very simple terms, how you can protect yourprivacy if you want to,” she said.
Cavoukian said she wouldn’t give up on Facebook doing theright thing in the end. “They don’t have a chief privacy officer right now, soI think one of the reasons it’s sort of just floating out there is they don’thave the right people manning the ship anymore – that can change,” she said.
But end users also have a role to play,according to Cavoukian. “You don’t like people using information in that way, walk away … you have to demonstrate that and enough people don’t do that and it’s your problem as much as it’s our problem,” she said.
The bottom line is going to be whether Facebook’s user basedrops, she said. “Imagine if overnight, 100 million users walk away fromFacebook and go to Diaspora or something else that is more protective of theirprivacy,” she said.
Diaspora, an open source social network currently underdevelopment by four New York University (NYU) students, engrains privacy bydefault into their business model, she said. “If it was me and I was on one ofthese services, I would probably go to Diaspora than Facebook,” she said.
Cavoukian said she isn’t suggesting “taking down” Facebook.“What I’m saying is if you don’t like the service you are being provided, gosomewhere where you can get that service. And if enough people feel that way,it will change,” she said.
“I don’t know if that’s going to happen,” she added. “The jury is out and the jury is with you – theusers,” she said.
Canadian privacy lawyer David Fraser, a partner with McInnesCooper and author of the Canadian Privacy Law Blog, agreed with Cavoukian thatusers can incite change. If all the people changing their Facebook statuses tocomplain about Facebook and privacy would leave, that would be a very loudmessage, he said.
But Fraser, a Facebook user himself, said he would find itdifficult to give up his account because of the benefits it provides.
“There is the dilemma,” said Cavoukian. “You can’t expectregulators to fix that problem.”
The challenge is finding a way to give people that level ofcontrol over their information in away that they can actually handle, saidFraser. “In terms of granularity on Facebook, you can display it as a mess …but on the flip side, you can look at it as a marvelous piece, at least anattempt to get there,” he said.
Cavoukian doesn’t have a Facebook account, but said she didexperiment with the social networking site last summer. “We were asked by theUniversity of Ottawa, four commissioners, to all Facebook over the summer andsee what the experience was like,” she told ComputerWorld Canada in an interview after the panel discussion.
“It was a lot of fun,” she said. Cavoukian cancelled theaccount because she didn’t have the time tomaintain it. “It took up so much of my time … it was too much and I juststopped using it,” she said.
Cavoukian said she used a pseudonym for her Facebook accountto avoid getting flooded with friend requests. The pseudonym was disclosed toFacebook, the four privacy commissioners and a couple family members. “Evenunder those conditions … I couldn’t keep up with all the messages,” she said.
