How Facebook and Twitter are changing data privacy rules

Facebook and Twitter are reshaping user expectations for control over their personal data and causing companies to rethink how they treat customer and business data

Beacon of Trouble

Facebook and other social media sites are on the front line of the privacy wars. And because of their size--Facebook has more than 200 million users--what these sites do with user data will influence what consumers expect from other companies. The early lessons from Facebook show that consumers increasingly expect to control their data. Tens of thousands of Facebook users revolted against its Beacon application, a targeted advertising tool that broadcast what they were buying by posting "stories" about it on their status feeds. There were plenty of Facebook users who wanted to know what their friends were buying. But there were also plenty who didn't want that information public (one poor fellow bought a very nice ring as a surprise for his wife, who subsequently saw it on his Facebook page and asked him who it was for).

There is a lawsuit unfolding against Facebook and some of its major advertisers for the privacy breach. Separately, Viacom went after Google's logs as part of its billion-dollar lawsuit against the search giant's YouTube unit, earning Viacom lots of bad publicity even though it said it wanted the log data anonymized. After California's Proposition 8 failed, angry gay rights advocates mashed up Google Maps with a public donations database and revealed home addresses for people who contributed money to defeat it. Some of those people were targeted by activists, raising questions about whether small donations should be made public.

In the wake of its privacy faux pas with Beacon, Facebook has moved to asking its users their opinions on its privacy policies. It has also created more ways for its users to control who sees their data. To Fenwick's CTO, Matt Kesner, this creates an expectation about control over data that will ripple through the IT world.

You may disagree with Kesner that this is a problem, particularly if your company doesn't maintain sensitive information in its logs or doesn't run a social network. Alissa Cooper, chief computer scientist at the Center for Democracy and Technology, says that's misreading the tea leaves. "The more we have incidents like these, the more it's going to reveal that each of them isn't a one-off," she says.

One ongoing privacy controversy involves Webwise, a behavioral advertising technology from Phorm, a London-based startup. Webwise uses "deep packet inspection," which lets it see the content of Web traffic so that it may better track consumer Web behavior and create profiles that let it serve up more targeted ads (NebuAd is another company that uses similar technology). Phorm claims it uses technology to anonymize the data it gathers, helping protect individual privacy. Several British Internet service providers say they would use Webwise to serve up ads more effectively. But at least one antivirus firm has suggested that Phorm's profiling technology is akin to spyware.

Meanwhile, one of the British ISPs, BT, acknowledged piloting the program using actual consumer data, without asking for permission. That has landed BT in hot water. The European Commission has initiated legal action against the United Kingdom over its refusal to stop companies like BT from using live customer data without permission. Meanwhile, Amazon and Wikimedia have said they will block Phorm from accessing traffic on their sites, and in late April, the U.S. Congress began holding hearings on deep-packet inspection.

Fenwick's Kesner thinks it's up to CIOs to help their companies understand what this Web 2.0 world means for data control. As a first step, he thinks more CIOs should establish a social media presence. It's essential, he believes, for IT leaders to understand how these tools work and how people use them.

CIOs, then, may not decide on their own what their companies do with customer data, but they will have to weigh in on--and support--whatever decisions business leaders make. That includes any technologies that companies deploy to mine customer information as well as protect it from unauthorized use.

Tags Facebookdata privacytwitterinternet privacy

Show Comments