Facebook said on Friday that it intends to make further changes to its privacy policy in order to respond to an audit by the Irish government, but privacy advocates saw the move as an inadequate attempt to quell privacy concerns prior to Facebook’s planned initial public offering.
The proposed changes, which the company put out for public comment on Friday, don’t appear to reflect any major shifts in policy. For the most part, the document makes more explicit how Facebook is already using user data. The company has also updated the policy to reflect newer features, such as cover photos.
The proposed changes are not final. A document highlighting the proposed changes is available on the website in PDF form, along with an explanation of the changes. The company is asking for user feedback and will host a web question-and-answer session about the changes May 14 at 9 a.m. Pacific time.
Sarah Downey, a privacy analyst and attorney at privacy software vendor Abine, said the more explicit language was required by a consent decree issued last year as part of a settlement with the U.S. Federal Trade Commission, and by the audit by the Irish Data Protection Commissioner.
Downey said once Facebook goes public, it will face pressure to generate more revenue and will probably accomplish that goal by using personal information to sell targeted advertising. The initial public offering (IPO) is expected to take place on May 18.
“Their financial success really requires them to collect more usable personal information and make that information available and accessible to advertisers. We expect that more private information about users is going to be disclosed,” she said.
Jeffrey Chester, the executive director of the Center for Digital Democracy, also said the upcoming IPO will lay the groundwork for greater threats to user privacy.
“Facebook can’t possibly protect the privacy of its users and grow as publicly traded company. It’s going to be increasingly difficult for them to grow their business significantly without collecting and monetizing more of its data,” he said.
Downey said one apparent change could be significant for consumers: Even if a Facebook user does not share his or her phone number or email address publicly, default settings will make it possible for others to search for the user on Facebook using that information.
The information Facebook obtains and provides to third-party advertisers, a sensitive topic among privacy advocates, was also the subject of substantial revision. For example, where the existing policy says that Facebook can use “the information it receives about you … to measure or understand the effectiveness of ads you and others see,” the new policy makes clear that that includes “deliver[ing] relevant ads to you.” Delivering such user-specific advertising often involves sharing user data with third-party advertisers.
Immediately following that section, the proposed changes add, “We store data for as long as it is necessary to provide products and services to you and others, including those described above.”
“They’re talking about expanded use of your data with lots of little changes that are important. And Facebook is the master of these little changes adding up to big things,” Downey said.
But the changes announced Friday also include some that allow users to better protect their privacy. An “activity log” feature will show users all of their activity on the network in one place, rather than across several timelines. Facebook also rolled out a centralized hub, where users can find all relevant documents.