It’s hard to determine which it was that outraged the Facebook community more: the new terms of service imposed on users by the social networking giant, or the manner in which they were changed.
In February, Facebook removed two lines from its user agreement. That was interpreted as allowing Facebook to keep all user content in perpetuity, even from deleted accounts, and use it in any number of ways.
The user agreement has always granted Facebook licence to use (and sublicence) its members’ content, but the February change deleted two lines in the agreement: “You may remove your user content from the site at any time. If you choose to remove your user content, the licence granted above will automatically expire, however you acknowledge that the company may retain archived copies of your user content.”
A blog post on The Consumerist alerted users to this change — not Facebook. Users revolted, launched a grassroots movement for changes, and CEO Mark Zuckerberg did an about face, restoring the old agreement and promising a new one within weeks.
But were users up in arms simply in defence of their deleted data, or because Facebook made the changes silently, without bringing user attention to its new terms of service?
There’s also the fact that this appears in a user agreement, not a privacy policy. (For the record, the privacy policy is based on two core principles, according to Facebook, one of which is “You should have control over your personal information.”) One could argue that content designed to be shared is more of a terms of use issue, but personal information and content should by definition be addressed in a privacy agreement.
Enterprises are embracing Web 2.0 — some grudgingly, some enthusiastically — and recognizing that Facebook, especially, is a channel to engage its customers and community.
While there shouldn’t be sensitive or confidential corporate information on a social networking site, a company has to control the lifecycle of its public-facing data, too. Products, services and branding evolve and become obsolete. Staff members leave. And, ironically enough, policies change. The enterprise’s control over these elements of its business can’t be left to a legal department whim at another company.
And if Facebook can unilaterally change, without notice, what is essentially a licence to use its software and infrastructure, what about your applications — especially those used on a software-as-a-service basis ?
It will pay for IT departments to regularly audit vendors’ more fluid licensing conditions, keep legal and compliance departments in the loop, and keep up the dialogue with vendors to avoid surprises.