Social Networks Need a Universal Bill of Rights

I’m sure we have all felt that deep-down, nagging feeling… You know, the one that tells you that you can’t be quite sure that all of your privacy settings on all your various social networks, email accounts and other communications media are set just right–if you can even tell what that is anymore. I know that for me, enduring the countless privacy policy changes on Facebook has eroded any sense of trust I had in that company and in what they promise. When it comes to Facebook, you just have to assume everything is as public as the newspaper, because setting something as ‘private’ today doesn’t prevent them from making it public tomorrow. It doesn’t have to be this way forever; it’s about time that consumers demanded a set of inalienable rights over their data. I saw this list posted on TechCrunch yesterday and it got me thinking: why stop with Facebook, why not Twitter, Google Buzz, etc.? First, however, take a look at Alexia Tsotsis’s “Facebook Bill of Rights”:

10) No Privacy “Bait And Switch”

Facebook said for years that all information that users made private would always be private. Then it made names, photos, friend lists and other information unavoidably public. So “No bait and switch” is essentially “Don’t change privacy settings to be more open without prior user consent.”

9) Opt In, Not Opt Out

“Opt In” needs to be the default for everything privacy related. Any Facebook default should never move users toward less privacy. The ‘wizard’ Facebook walked FB users through in December, where the default got swapped to ‘everyone’ is perhaps the most egregious example of lack of transparency. From now on no more December 2009, i.e. all moves that force data sharing need to reveal exactly what the company intends to do with that data and the default answer better be “not very much.”

8) Freedom Of Data Export

Users should have the freedom to share their data with anyone they want and take it with them anywhere they want, including removing it from the Facebook Service. While Facebook has alluded to eventually enabling this functionality in the past, there is currently no way to export Facebook data, which means whatever happens on Facebook stays on Facebook to the ultimate detriment of users.

7) The Right To Permanently Delete Accounts

At the moment the actualities of being able to do this are lost in the vagaries of activating and/or deactivating your account, which still gives Facebook the rights to your personal data and license to your IP. Facebook needs to provide a direct link to this and then make sure that when your profile is gone it’s actually gone, and not stuck in server limbo somewhere.

6) The Right To Data Security

Facebook needs more transparency regarding how code is deployed, and needs to make the process more secure. We get the occasional emails about how Facebook has sent messages to the wrong people, exposing user email addresses and various sundry data holes. While all code has its flaws, Facebook needs to keep in good faith that its first priority is protecting user data from malware such as phishing schemes, for example.

5) The Right To Redress Regarding Suspending Accounts

We also receive many tips from people who have had their accounts suspended and have no way to reach an actual person vs. an autoreply at Facebook. Seeing as though your Facebook account is now your online calling card, there needs to be a way to argue your case to an actual human being.

4) The Right To Clear Outlines of Privacy Changes

Google recently simplified their privacy policy in the wake of an $8.5 million privacy settlement over Buzz. So while it might inhibit innovation to create one thing and never change it without somehow breaking your word, perhaps Facebook can continue to offer up a streamlined one sheet record of everything it’s changed privacy wise, and keep it current with all new product related updates and caveats.

3) The Right To Information On Third Party Sharing

Facebook needs to explicitly lay out what it does with your user data and how it targets ads exactly. The importance of this has increased in the wake of Place’s introduction, especially since the proposed business plan for many of the geolocational platforms including Facebook is selling user checkin data.

2) The Right To Opt Out Of Facebook Marketing

This could be achieved with premium accounts, as Pandora does now, giving people a clear way to opt out of any kind of ad targeting or marketing. The ads would still be there, but they wouldn’t directly pull from your likes, giving you a greater sense of “privacy.”

1) The Right To Protections From Snooping Facebook Employees

A guarantee of security around who has access to user data and how often it has been abused. While “scary” media reports that Facebook has a “master password” abound and pranks like “Fax this photo” are cute, they lead us to believe that Facebook employees do not quite yet grasp the fact that with great power comes great responsibility.

These are definitely a great start, but again, why stop with Facebook? This should extend to everything with a privacy policy: Gmail, Foursquare, MySpace, Battle.net, Xbox LIVE, you name it. One of the things that makes these policies so difficult to understand is that there’s no consistency between a policy from one site and the policy from another. It’s the same for EULAs, which I’ve already ranted about. If we are going to fully embrace the digital age we need to know what we’re getting ourselves into. That starts by knowing what’s in the contract. The first and best way to do that is to make them easier to understand. Writing a contract in plain English is almost impossible to do without spending a ton of money, so I don’t expect to see much progress on that front. There’s a reason they are so convoluted, but if they were at least convoluted in the same order, people could more easily spot where policies differed.

I would also add another right to the list:

11) Terms of an Agreement Cannot Change Unilaterally Without 2 Weeks’ Notice. Too many virtual worlds make you agree to policy changes before you can log into the world, essentially ransoming people into agreement. It takes a long time to read a privacy policy or a EULA. It takes even longer to comprehend one. No one who logs in 5 minutes before a raid is going to read it well, even if they want to. Can you imagine the torment someone would feel for keeping a 20-person group waiting because they had to look up a term in Article VIII, Clause 6 of the new EULA? Making sure that changes cannot take effect for 2 weeks after they are posted allows the community to digest the changes and gives those who don’t agree time to liquidate their accounts in an orderly fashion.

Of course, all of these “rights” are part of a trade-off. We get Facebook for free because it uses our information to sell ads. With less access to our info, there’s less revenue to be made–at least in theory. But there are other ways of making it work. People will pay for privacy if it’s important enough to them; they just need the opportunities to do so. The same goes for other demands, although it would be important to keep the list short enough that it doesn’t turn into a mess that gets bogged down and never reaches that critical mass. Alexia’s 10 rights article already has over 1,000 mentions on Twitter, Facebook, Buzz, etc., not to mention this post, so it’s clearly gaining traction. Here’s hoping we see some progress.

About Justin Kwong

An attorney in the Twin Cities and adjunct professor at William Mitchell College of Law where I teach a seminar on the law of virtual worlds.

1 Response to Social Networks Need a Universal Bill of Rights

  1. so many comments to make… I only have 2 hours… I’ll have to bookmark this for when I have a day free.
