Posts Tagged ‘Social Networking’

Note to Facebook: Privacy is Personalization Too

April 29, 2010 Leave a comment

Just last week, Facebook introduced “instant personalization” – a feature that extends your Facebook experience via familiar Facebook “plug-ins” (Activity Feed, the “Like” and “Recommend” buttons) – to partner websites such as yelp and  Already, the features are drawing much criticism – this time, from a Democratic quad of senators – Begich (AK), Bennet (CO), Franken (MN) and Schumer (NY) – who are urging Facebook to change its policies on sharing user data with third parties. Their letter to Facebook founder Mark Zuckerberg highlight three main concerns: Facebook’s continually elastic definition of what it considers personal information, the storage of Facebook user profile data with advertisers and other third parties, and the aforementioned “instant personalization” feature. The Senators acknowledge the FTC’s role in examining the issue but also advocate that Facebook take “swift and productive steps to alleviate the concerns of its users” while FTC regulation is pending.  On Monday, Senator Schumer followed up with an open letter that urges the FTC to investigate Facebook’s privacy practices.

Instant personalization is the latest Facebook feature to draw flak for its perceived impact on privacy.  It’s actually a very cool technology, designed for people who want to publicly share their likes and dislikes with their Facebook network.  It works by sharing certain Facebook profile data with a partner site.  The feature is personalization defined – every user using Facebook plug-ins on a partner site will have a different experience based on who they are friends with on Facebook.

A recent post on the Facebook blog describes the process:

“At a technical level, social plugins work when external websites put an iframe from on their site—as if they were agreeing to give Facebook some real estate on their website. If you are logged into Facebook, the Facebook iframe can recognize you and show personalized content within the plugin as if the visitor were on directly. Even though the iframe is not on Facebook, it is designed with all the privacy protections as if it were (emphasis added).”

Note the last sentence of that excerpt – it seems to suggest that as a Facebook user, you don’t have to worry about privacy whether you are on Facebook, or using a Facebook plug-in on another site.  So what’s the flap about?  What is fuelling the concerns with Facebook’s privacy practices – from the letter from Democratic Senators, to ongoing concerns from EPIC, to this thoughtfully penned article from a Facebook user who also happens to work for PC World?

I think it has to come down to notice – especially to users.  Facebook debuted “instant personalization” as an opt-in feature that automatically exposed a user’s Facebook profile data to partner sites. This has raised concerns with regulators, and certain Facebook users too – just take a look at the comments to this recent Facebook blog on the topic. To further complicate things, Facebook makes it particularly difficult to opt-out of the instant personalization features.

With this latest move, Facebook reaches outside its walled garden to extend its reach across the web – I almost think of it now as the world’s largest social platform (not network).  Consider for instance that it took Microsoft nearly twenty years to reach an install base of 1 billion for Windows; Facebook, now approaching 500 million users, will probably reach that number in less than a decade. As Facebook continues to evolve its platform strategy, its processes – particularly around informing users about what it plans to do with their profile data – must be better defined.  I think this goes beyond a static privacy policy – it may even involve engaging select users at the beta stage to pre-determine privacy concerns (like whether to launch a feature as opt-in or out).  Engaging trust with your ecosystem is essential for any platform company and when it comes to Facebook, users are an essential part of the ecosystem equation.

For the most part, Facebook users divulge data about themselves with the expectation that this data will be used on Facebook only; sharing that same data with other sites, even if it’s via a Facebook plug-in, is clearly not part of that expectation.  If Facebook wants to use user profile data for secondary purposes, it should first get the user’s permission to do so.  Such a system honors a user’s privacy preferences – which are also a personalization of sorts.  And when it comes to privacy, Facebook should be doing everything it can to ensure that this type of personalization is preserved.


Geo-Location: 4 Tales for April 16th

April 16, 2010 Leave a comment

The social media industry is undergoing a revolution of sorts, with innovative technologies that are giving new meaning to the term “location, location, location.”  In fact, some of the coolest features being announced by social media platforms are rooted in geo-location technologies.   These technologies are, for the most part, a new take on an old idea – GPS or the Global Positioning System – referring to the services provided by a series of US satellites that orbit the Earth. After forces from the former Soviet Union shot down a Korean Airliner jet in 1983, President Reagan signed an executive order making the technology available for commercial use.  Now, nearly 20 years later, companies are taking geo-location technologies to the next stage in their evolution and making them accessible to most anyone with a GPS enabled phone or device.

Just this past week, there were 4 different news stories about how geo-location is re-shaping social media.  In honor of Global Social Media Day (yes, that is today), I thought I would share them with you.

1. The first story is all about Foursquare. The 13-month old website that no one had really heard of before SXSW ’10, now has 799,000 users (including me, I just signed up). The company recently announced an innovative partnership with Bravo TV and continues to expand its family of partners.  This post is particularly appropriate as today, April 16th, is also Foursquare Day (fourth month, 16 is foursquared, clever?).  In San Francisco this evening, you can attend a Foursquare Swarm Party and earn a badge if you “check in” at least four times.  The incentives?  Discounts and free drinks – especially if you are a Mayor.  Foursquare’s unique proposition is that it brings advertising opportunities directly to the point of need. And it’s keeping up with its users too – to assure its advertising partners that its users are where they say they are.  Recognizing that some enterprising Foursquare patrons were checking in without actually being at the locale, the company recently rolled out “cheater code” to deter less energetic Foursquare users who seek mayorships from the comfort of their couch.

2. The second story comes from last year’s Foursquare (or is Foursquare this year’s Twitter?).  No longer the “scrappy startup,” Twitter is evolving into the communication platform of choice for those who choose to express themselves in 140 words (or thereabouts).  Today, it has over 100 million users who generate over 55 million posts a day (and a gargantuan amount of real-time data).  Making that data more relevant to a user will be key to Twitter’s continued success in an increasingly crowded space of competitors.  This week, at the company’s first developer conference (aptly titled “Chirp”), Twitter introduced its “points of interest” feature, which allows users will be able to reveal and search for exact locations.  The feature allows you to see all of the tweets or posts made from that location – a sort of real-time yelp on steroids.  Another tool called annotations allows users to reveal metadata, such as their location, in published tweets.  The meta data of course, does not count towards the 140 word limit.

3. Our third story is yet to be told.  It involves Facebook, the most popular site in the US (according to TechCrunch and Hitwise), and its plans to introduce geo-location services to over 400 million Facebook users worldwide.  The details will be unveiled at F8, the company’s sold-out developer conference to be held next week in San Francisco.  A sneak peak at the agenda suggests that the big announcement could be during the morning’s keynote, or perhaps during one of the breakout sessions for new tools (where the description currently reads “everything you need to know about our new tools. We’ll share more about this session at f8.”).  Of course, the impact of this announcement will reverberate strongly throughout the geo-location ecosystem, and it remains to be seen whether Foursquare and even Twitter will be able to keep up with the mighty Facebook once this feature launches.

4. Our last story is about the FTC and its never-ending race to keep up with the surging rush of new technologies, particularly those that focus on geo-location services.  The issue is already on the FTC’s agenda – in the form of a merger and a proposed rulemaking.  In their letter to the FTC, outlining concerns with the acquisition of AdMob by Google, Consumer Watchdog and the Center for Digital Democracy point out the privacy concerns of combining location data with a user’s data profile.  The FTC’s opinion on this particular transaction will most certainly signal its views on the importance of geo-location data in competitive and privacy analysis.  And, recognizing the increasing adoption of GPS-enabled smartvphones, particularly among users aged 13 and under, the Commission has invited comment on its Children Online Privacy Protection Rule 5 years earlier than Congress had originally prescribed in 2005.  In its announcement, the agency specifically identified the ability to collect “mobile geo-location data” in connection with behavioral advertising, as one of the technological changes that warrant re-examination of the Rule.

Categories: Uncategorized Tags: , , , ,

The Law Struggles to Keep Up – ECPA, SCA and Privacy in Electronic Communications

March 3, 2010 1 comment

Two federal laws enacted before the advent of the World Wide Web, are at the heart of class action complaints against Facebook and Google for violations of online privacy. It’s time to brush up on the Electronic Communications Privacy Act (ECPA), and the Stored Communications Act (SCA) – federal statutes that prevent intrusion by government and private actors into electronic communications. The ECPA works by preventing the interception and unauthorized access of electronic communications – such as email, texts and user keystrokes – by government agencies and law enforcement. The SCA is an “act within an act” as it is essentially Section II of the ECPA.  It regulates unauthorized access of electronic communications by service providers such as ISPs.

Plaintiffs in the Facebook class actions allege that the company violated both statutes, when changes in its privacy policy caused “unwary Users into inadvertently revealing large amounts of information about themselves.”  Similarly, class plaintiff Eva Hibnick (an enterprising Harvard 2L), alleges violations of both statutes in her complaint against Google for the unauthorized disclosure of users’ personal information during the launch of company’s social networking product, Google Buzz, in February.

It’s likely that the courts will struggle with the application of the ECPA and SCA in both of these cases. A pivotal question will be how the courts interpret the “consent” exception to ECPA in these cases i.e.  whether use of Facebook or Google’s service indicated user consent to the disclosure of personal information in the case of either Facebook’s privacy policy changes or the launch of Google’s buzz.

Both ECPA and the SCA are a legacy of a time when, two-way, not real-time, communication was the norm. The application of both statutes to email provides an illustrative example.  Under ECPA and the SCA, communication service providers are treated differently depending on whether they are “transmitters” or “storage facilities.” This is an important distinction for telephonic communication, but not so important for email – particularly web-based email that is stored on your providers’ server. Courts have interpreted ECPA to find greater protection for unopened email in transit to a computer, as opposed to unopened email sitting on your computer’s hard drive or provider’s server (from a user privacy perspective, is there a difference?).  Under the SCA, some courts have distinguished between pre and post transmission storage, even though the SCA defines “electronic storage” as “any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission.”  Luckily, the Ninth Circuit rejected this distinction in the 2004 case of Theofel v. Farey-Jones.

ECPA and the SCA statutes represent yet another example of how the law has failed to keep up with technology.  Indeed, both statutes have been the focus of much criticism, with several experts calling for ECPA reform and amendments to the SCA.

More importantly, neither statute gives us the answer to a question that has remained unanswered for too long – do users have a reasonable expectation of privacy in web communications such as emails, blogs and posts? Even though we live in the age of email and instant communication, the contents of an email sent from the privacy of your own home, has less constitutional protection than a conversation in a public phone booth.

The Supreme Court’s 1967 decision in US v. Katz – finding that privacy attaches to a person, not a place – has yet to be extended to electronic communications. Could the court’s dicta, stating that “[w]herever a man may be, he is entitled to know that he will remain free from unreasonable searches and seizures,” have some applicability to communication on the web in 2010? Will the recent class actions against Facebook and Google evolve into long-standing litigation that provides the Supreme Court the opportunity to consider the application of Katz to electronic, real-time communication?  With persistent litigants and the right rulings, it could happen.

In the meantime, legislators should seriously consider a redraft of both ECPA and the SCA – one that ushers both these important statutes into the Internet age.

Social Networking Under the Regulatory Microscope

November 12, 2009 Leave a comment

These days, everyone is doing the social networking thing – especially companies looking to extend and impress their brand on online audiences.  Burberry just announced a social networking foray to help people share stories about their – uhm – first Burberry trench coat. Even the New York Times is getting in on the action, with tips on how to market your business on Facebook, while harvesting the “gold mines of demographic information” offered on this granddaddy of all social networking sites.

But even as companies race to embrace social networking in any possible form, regulators are increasing their oversight.  And if social networking is in your marketing plan, then you probably should take a look at these recent decisions – from federal and state regulators – that are “on point” for any site that features social networking technology.

First, there’s the FTC order (and whopping $250,000 fine) against Iconix Brand Group.  Iconix is home to some of the most durable brands in fashion – Bongo, Candies, London Fog.  According to the FTC, Iconix was collecting personal information from children under the age of 13 – on websites that were directed to this very tweeny, Britney-loving audience (Ms. Spears is the current spokeswoman for Candies).  This violated the Children’s Online Privacy Protection Act or COPPA – particularly as Iconix also failed to post a clear, understandable and complete privacy policy.

Iconix also ran foul of the FTC Act , by stating, in its privacy policy that it would not collect personal information from kids without their parents’ consent and would delete any personal information that it became aware of (but then proceeding to do the very opposite). FTC Chairman Jon Leibowitz’s summed up his thoughts with this pithy quote: “Children’s privacy is paramount, and Iconix really missed the boat by denying parents control over their kids’ information online.”

Second, there’s continued activity among state AG offices on certain marketing practices that take advantage of those huge address books members upload to their social networking accounts.  Just this past week, the New York and Texas Attorney General Offices settled with for violations arising out of its practice of sending promotional emails to the contact lists of their members without permission (yes, we’ve all got a few of those). In the words of NY AG Cuomo, Tagged “hijacked” the address books of its members, and then “blasted” those member contacts with spam.

Clearly, companies that market via social networking technology (and techniques) must be very cognizant of the patchwork of laws that regulate how a user’s personal information is used in online marketing efforts.  Recent studies show that users do care about their privacy online, and this suggests that a clear privacy policy that respects user personal information is good for compliance and business.  After all, it is the user (or in the case of children under 13, the user’s parents) that should decide when and how their personal information is being used.