Privacy is about choice

The recent controversy about Facebook’s privacy settings and the (once again) updated privacy controls highlighted both misconceptions about what privacy is and what it isn’t in the context of the social Web. The new controls are aimed primarily at making managing Facebook privacy settings a little easier to manage. This is about being able to control –

  • what personal information is published;
  • how much personal information is published;
  • where your personal information is published;
  • who can see which personal information; and
  • how long that personal information is made available.

Privacy has become more about informational self-determination – each person’s ability to decide what becomes of their personal information. Facebook has been a bit of a cowboy with users’ personal information for some time now and the primary concern, as I see it, is that Facebook has decided, from time to time, to expose more of users’ profile information to the public Web and make that level of disclosure a new default. It has also progressively changed its privacy policy to allow for greater transparency. What it has done is severely limit users’ choices to the point where their choice has become whether to include information on their profiles or not, bearing in mind that any of their personal information could suddenly be made public.

A number of the Web’s more prominent pundits seemed to focus on the “privacy as secrecy” issue and missed what I believe is the more important point: privacy on the social Web is about choice, not secrecy. I talked about what I called the “privacy myth” in a post I published last year where I explored this idea in some detail. Its worth repeating a point I made in that post here:

In this context, privacy online becomes an exercise of identity management rather than a question of total control. When it comes to identity management the emphasis shifts from controlling whether and how much personal information is published to asserting a claim over personal information about you in an effort to create a more cohesive and accurate identity online. One of the reasons to do this is to reduce the risk of identity theft by providing a readily ascertainable body of information that represents you and which you have asserted is about you. A good example of a service that helps people do this is ClaimID which gives users an opportunity to state which websites, services and published information is linked to them and how.

When it comes to “privacy as secrecy”, users’ choices become pretty binary: either publish information or don’t. Facebook has taught us that even the biggest social services can be untrustworthy and any personal information you publish can be exposed when the company changes its policy. Of course that personal information could also be exposed through glitches, caching services, profiling efforts and aggregation services and functions. The point is that anything published online can be made more public than you may have wished or intended so a wiser approach is to decide, in advance, which personal information absolutely can’t become public and that personal information must never be published online. This sort of personal information may (and arguably should) include the following:

  • your home address;
  • your childern’s school;
  • your identity number (although disclosing full birthdays erodes this); and
  • credit card and other sensitive banking information.

Beyond that personal information which you hold most dear, you should assume that everything else could be made public without your specific consent and without you being made aware of it. That isn’t to say you shouldn’t still take advantage of your preferred social service’s privacy settings – you should.

FB privacy controls

Make a point of investigating these privacy controls. Ideally they should be intelligible, subject to clear privacy policies and guidelines. Facebook has failed here too with an overly complex privacy policy and privacy framework. It is trying to remedy this with its new Privacy Guide but I wonder if it isn’t adding more layers of complexity. Facebook, and perhaps other social services, has a vested interest in exposing as much personal information as they can. It increases the value of the service to other users. Imagine how appealing Facebook would be if you couldn’t find your friends because their basic personal information was restricted from public view. These interests can often be at odds with users’ preferences so it becomes really important to make sure you understand the relevant privacy controls and adjust them to suit your preferences.

The time may come when users’ choice is whether to remain on a social network or not. A number of people publicly terminated their Facebook profiles recently after the controversy following the F8 conference. I was tempted to delete my profile too but the problem with that is that doing so would remove you from one of the biggest social ecosystems online today. Facebook reportedly has around 500 million active users. That is a powerful network to be part of and removing yourself from it altogether is a pretty drastic step. That said, Facebook still has a long way to go to regain users’ trust (mine included) so the prudent course of action is to be more guarded about what you publish and how public you make that information.

Fortunately the new privacy controls do seem to give users more control over their personal information. That level of control extends to personal information Facebook previously deemed to be public by default as well as applications which can access users’ profile information. It was an important turning point for Facebook and a healthy reminder that Mark Zuckerberg doesn’t know best. Users are the best arbiters of how their personal information should be handled and what should be done with it. Services like Facebook shouldn’t interfere with users’ right to choose. Doing so makes profound inroads into users’ privacy.


Image credit: “Is this how the web looks to Facebook?” by Robert Scoble, released under a Creative Commons Attribution 2.0 license

Leave a Reply