Facebook, Google & The Ongoing Privacy Debate

In recent months, news-sites have been full of the latest online privacy dust-up – involving, predictably, Facebook and Google.

Enter The Dragon
Facebook is used to this. Over the years, Facebook’s changing default privacy settings (see this great graphic representation) have become legendary, spawning independent guides (at Reclaim Privacy.org , and the EFF) to help users understand and change their privacy settings. Aside from its enormous privacy policy, Facebook has seen public outcry over its (now defunct) Beacon advertising programme, “instant personalisation” feature and the disclosure that it was sharing personally identifable data with advertisers, possibly in violation of its stated privacy policy. Apart from automatically opting-in users, instant personalisation gave hackers a loophole to retrieve users’ personal data. And Mark Zuckerberg’s remarks about pushing users to disclose more information didn’t help Facebook either.

In Defence of Facebook
In PBS’ 4MR, lawyer Michael McSunas claims Facebook’s success is due to its ability to listen and respond to users. And Facebook has responded, if not always quickly, to user concerns. Recently, Facebook reduced privacy controls from 50 to 15, and changed instant personalisation to opt-in, but many people find these changes insufficient, and want all default privacy settings to be opt-in. And while there’s a point there, it’s myopic to focus on Facebook alone.

Most websites, including news sites, have an opt-out system for email updates, partner offers, etc. Myspace is also alleged to have shared identifiable personal information with advertisers, but barely gets a mention. Pandora, the American music site, made users’ music choices available to anyone who knew their email addresses, neither letting users know about this, nor providing them (until recently) with an option to turn this off. Surely these deserve to be reported?

Breaking Up Is Hard To Do
Of the many users who decided to “Quit Facebook” on May 31st in protest, only about 31,000 actually did. Meanwhile, Facebook added 10 million new users after instant personalisation was rolled out – so perhaps online privacy expectations are changing? And as Diaspora attempts to become the open-source Facebook alternative, and we watch Orkut and Myspace drop by the wayside, and Google fail to convert Gmail users to Buzz, some food for thought: the world is unlikely to jump onto something new unless it’s leaps better in user experience as well – because, as the numbers show, most people aren’t that bothered about privacy.

For Better? Or For Worse?
Then there’s the question of intent. Janet Street Porter writes of Google and Facebook, “They aren’t in the game to make our lives better, but to harvest our likes and dislikes, moods and spending habits in order to channel advertising at us 24 hours a day and to sell that information to the highest bidder.” But did anybody actually think they were philanthropists? Let’s not kid ourselves – these are commercial organisations, with revenue and profit targets, and anybody who thought otherwise needs a reality check.

Google’s Googlies
The critical difference between Google and Facebook, of course, is that we give Facebook data voluntarily, while Google collects data that’s not necessarily volunteered – for instance, by tracking IP addresses to keep search results relevant even when you’re logged out of Google.

When Google’s street-view cars were found collecting slivers of payload data from unsecured wifi networks, Google was quick to deny intent and utilisation, blaming a code error. Then Eric Schmidt went on record saying that Google wouldn’t use the data, but wouldn’t delete it unless governments ordered it. In recent days, the party line has changed: Google won’t delete the data because governments want to examine it.

Google has now generated fresh outrage by admitting to collecting wifi SSIDs, which could help triangulate position and serve location-based advertising on mobile phones. Google kept this under wraps until caught, and geo-location can be pinpointed by satellite anyway. So has “do no evil” morphed to “speak no evil?”

Dr. Seuss & The Connected World – Oh The Trails You’ll Leave!
Big-brother-ish as all this sounds, let’s get some offline perspective:
• CCTV and speed cameras track us everywhere we go. Who keeps this data? (Current limited storage capability means much of it gets deleted, but this may change as storage costs fall.) Who uses it, for what? And what’s the privacy policy?
• The recent UK election saw personalised campaign mailings, with names printed onto leaflets and brouchures. This is a violation of privacy at a much more disturbing level – political parties know where you live.
• The NHS database is opt-out, and leads to other types of privacy concerns.
• Retailers and credit card companies send us offers based on purchasing history. How much data do these companies keep, for how long? How is it used, who’s it shared with, and on what terms?
• The Google dashboard lets you remove data recorded by Google, which is more than most organisations or governments do.
• Technology will increasingly be used to provide public and private services – and we will all generate even more data. Would we rather governments administered it? And who would guard the guards?

The Meaning Of It All
So what are the implications for other players in the field?
1. If you provide true convenience, as Google and Facebook do, unless you really overstep the bounds, users won’t desert you en masse.
2. Online users have a more pragmatic approach to online privacy than they get credit for. Hopefully, future privacy debates will be more nuanced.
3. Transparency, response to user concerns, and unclear motives are the areas over which Google and Facebook have been roasted. If other brands move fast enough, can they own these niches?
4. It is nobler and cheaper (in terms of reputation risk and brand value) to come clean. As Sir Humphrey Appleby said in ‘Yes, Prime Minister,’ “We should always tell the press freely and frankly anything that they could easily find out some other way.”

Answers On A Postcard
Finally, some thoughts for users:
1. Google and Facebook are “free,” but consider what that means. If we’re getting a free lunch, who is paying, and why? Answer: we are, with information about ourselves, that companies want. And that’s not necessarily a bad thing.
2. If enough people were sufficiently concerned about online privacy, they would stop using Facebook and Google products, forcing them to change policy – a market solution, based on choices. Repeated regulation can neither take its place, nor is it feasible in the long term.
3. Before reacting to online privacy concerns reportage, take a moment to consider comparisons to the offline world.
4. How about personal responsibility? If you don’t want sensitive information captured by others, don’t send it over unsecured networks or put it on Facebook. We’re not yet as bad as the woman who’s suing Google for walking directions that led her onto a highway, where she was hit by a car, but by laying the blame solely at Facebook’s and Google’s door, we’re right behind her.