This coverage of SxSW is brought to you by Buddy Media, power tools for Facebook. Eight of the world’s top 10 brands build their businesses on Facebook with Buddy Media tools. What’s your plan? Download White Paper.
Social network terms of service are usually presented to users as non-negotiable. “These are these the rules you agree to in exchange for access to the site. Take ’em or leave ’em.”
Except when it comes to the network’s obligations regarding user information and privacy. Then the attitude is often, “Here’s what we’re doing today. We reserve the right to change the rules whenever, and maybe we’ll tell you about the changes when the time comes.”
Thus the problem of social media privacy isn’t necessarily about access to data or even use of data — it’s about a lack of commitment to users, said panelists at a South by Southwest Interactive Festival panel on Friday.
“Even if you think [Facebook is] all a game, games have rules, and they shouldn’t change while the game is being played,” said Christina Gagnier of the law firm Gagnier Margossian.
In response to growing concerns regarding how firms such as Facebook and Google were handling user data, attendees of the 2010 Computers, Freedom and Privacy Conference created a document meant to serve as a starting point for a Social Network Users’ Bill of Rights. The document lists 14 elements that attendees of the 2010 show argued were essential to ensuring user privacy. The document is currently open to a public vote on a provision-by-provision basis and will be revised at this year’s conference.
The 14 rights suggested by the conference boil down to users having a clear, consistent, secure and open relationship with their networks regarding what data is collected and how it’s used, while still giving users control over their information — including the option to pack up their data and walk away at any time. “A lot of these rights are really about the ability to ‘leave it,’ ” said Lisa Borodkin of TechZulu Law.
As the panelists talked about the various rights suggested by the conference, several key dilemmas emerged:
How do we make privacy global? The panelists noted that social norms can vary widely between countries. But privacy standards need to be based on an understanding that crosses borders. Companies shouldn’t have to recalibrate their services for every country and users shouldn’t have to worry about what country a given social service is based in.
How do we make privacy business friendly? The panelists never argued that companies shouldn’t be able to collect and use data — only that users should come to that relationship on even footing. “None of this is meant to be anti-corporate,” said Jack Lerner of the University of Southern California Gould School of Law.
For some companies, increased privacy standards could even prove to be a boon to some businesses because they would increase competition, said Gagnier. If the public had greater expectations of privacy, it could provide networks looking to compete with giants such as Facebook with a way to offer more value, she notes.
How do we make privacy a starting point? When a user joins a social network, they don’t arrive with an online identity that they then integrate with the network, noted one audience member. They sign up and then begin to build an identity based on their network membership. And if they leave the network, that identity doesn’t follow them. These aren’t choices networks are making today — they’re part of the architecture of the network that was designed when the network was created, the audience member argued.
The panelists noted that there are a few companies, such as Mycube and the Locker Project, working on ways to help users create centralized online identities. But solving a company’s privacy issues is always easiest when a company considers privacy at the outset, said Gagnier.
How do we make privacy the standard? While the Federal Trade Commission is considering creating regulations addressing online data tracking, government involvement may not be the best way to address the issue, panelists said. Government regulations can create a patchwork of standards and exceptions, they note. Federal regulations are notoriously inflexible and unadaptive they add. Privacy regulations should be able to adapt to new technologies and new uses of technologies.
Instead, it would be better privacy rules were normative — a system of behavior that we expected of one another, much like basic etiquette, said Gagnier. If consumers expect to be treated one way, they won’t do business with companies that don’t treat them with what is seen as a basic level of fairness, she adds.
What privacy guarantees do you expect from your social networks? How can users develop data relationships that respect individuals without punishing networks?