Skip the navigation

European officials chastise Facebook privacy settings

By Jeremy Kirk
May 13, 2010 08:41 AM ET

IDG News Service - Facebook made "unacceptable" changes to its privacy settings at the end of last year that are detrimental to users, a coalition of European data protection officials warned the social-networking sites on Wednesday.

The warning, contained in a letter to Facebook from the Article 29 Data Protection Working Party, could spell more difficulties for Facebook, which was hit with a complaint to U.S. regulators over similar concerns earlier this month.

The working party told Facebook of the need for default settings that would only allow access to profile information and friends to self-selected contacts, and that access by search engines should be the explicit choice of users.

Facebook has moved to make even more of its users' information publicly available. The defaults settings are typically the most permissive, and users must manually change to more restrictive settings.

Privacy groups have said the settings are confusing, frequently change and some users aren't aware of the options, putting their personal data at risk.

Facebook's default settings allow certain information in a person's profile to be indexed by search engines unless a user changes it, according to the social network's policy.

In recent months, Facebook has modified its site to automatically share profile information with partners such as Microsoft Docs.com, Pandora and Yelp. Users must opt out by unchecking a specific box within Facebook's settings.

Facebook also expanded the amount of information publicly shared, allowing other personal information and preferences to be exposed even if a user has limited it to their circle of friends.

The Article 29 working party also sent letters to 20 other social network operators but highlighted its criticism with Facebook in a press release published on Wednesday.

In response, Facebook said it agreed with some of the contents of the letter, a copy of which was not available. But Facebook said it disagreed with a suggestion that people be allowed to use pseudonyms.

Facebook's policy that people must use their real names is also part of the May 5 complaint before the U.S. Federal Trade Commission, filed by the Electronic Privacy Information Center and 14 other privacy and consumer protection groups.

On Thursday, the company defended its stance on privacy, citing new controls for excluding indexing profiles by search engines and greater control over how Facebook applications handle user data.

"We feel that Facebook has been in the forefront of all kinds of sites, not just social networking sites, in giving our users granular controls which enable each user to customize many individual settings in order to share, or protect, as much information as they feel comfortable with," the company said in an e-mail statement.

The Article 29 working party doesn't have enforcement power, said Struan Robertson, a technology lawyer with Pinsent Masons. But the group is composed of data protection officials throughout Europe who could decide to refer a case to prosecutors for violation of European data protection regulations, he said.

The working groups is saying "that Facebook has crossed a line" where it is no longer sufficient to just give notice of changes but actively obtain users' consent, Robertson said.

"I think Facebook is at serious risk of losing its users' trust," Robertson said. "That may be the biggest threat to Facebook than European regulators or European courts."

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!