Ethics Case: Facebook's 'Unfriendly' Privacy Policies (adapted from Spinello, R. (2017). Cyberethics: Morality and law in cyberspace. Jones & Bartlett Learning)
Facebook CEO, Mark Zuckerberg, couldn't quite believe all the attention he was getting. Facebook was on the verge of its initial public offering (IPO), and it seemed that the media couldn't get enough of this Cinderella story. Zuckerberg had created a primitive version of the Facebook application in his Harvard dorm room. Thanks to its immediate popularity, he commercialized this product and founded Facebook, a pioneer in social networking. There were 1.4 billion active users on Facebook and the company's revenue exceeded $12 billion. As Zuckerberg traveled around the country to promote the IPO, the press followed him everywhere. The Facebook IPO took place on May 18, 2012, making many of its brash and talented managers instant millionaires by the end of 2014.
Most people at the social network company welcomed the publicity and attention surrounding the IPO. But over the years Facebook has attracted negative publicity and unwelcome attention for its controversial privacy policies. Facebook has had to deal with several embarrassing missteps as it struggles to reconcile user privacy with an open network. The company's policies have been the object of scrutiny by the FTC, which has investigated a number of privacy-related complaints. In a recent ruling, the FTC persuaded both Google and Facebook to consent to a biennial audit of their privacy policies and practices for the next 20 years. What were Facebook's most contentious privacy policies, and why are key regulators still threatening to block the social media company from carrying out its strategy of boosting advertising revenue by leveraging its user information? The following is a brief historical overview.
Facebook first caught the attention of privacy advocates in 2007 when it implemented a technology known as the 'News Feed'. This feature was designed to display in real-time changes a person makes to her user profile on the home pages of all of her online friends. To the surprise of the company, users balked at this innovation and Facebook had to abandon this default feature. In that same year, Facebook also joined a commercial venture known as the Beacon program so that every member would be notified immediately as soon as one of their friends made an online purchase. Beacon also seemed to clearly violate users' privacy expectations. As resistance mounted, Facebook abruptly ended the program.
In December 2009, Facebook once again shocked many of its users by suddenly changing its privacy settings. A person's 'friends' could no longer be kept concealed from the public or from each other. As a result, information that was once private such as one's profile picture, name, gender, address, professional networks, and so forth, became publicly available by default. According to Rebecca MacKinnon, these changes were motivated by the company's need to monetize this 'free' service and were consistent with Zuckerberg's strong personal conviction that people everywhere should be open about their lives and actions. Facebook's decision to make previously confidential information publicly available was reversed thanks to public protest, and users now have the capability to control access to most of their personal information.
In 2010 the company took public its instant personalization scheme, which allows partner websites to access Facebook information as soon as a Facebook user visits the site. This all happens by default before the user gives consent to the sharing of his or her information. In that same year, the company introduced social plug-ins, including a social widget known as the 'Like' button, that appeared on other websites (like Amazon.com); if a user likes an item she sees, she clicks on this button and the item appears in a list of things she likes in her profile. This plug-in architecture, a further evolution of cookie technology functions as follows. When a user logs into a social networking site like Facebook, the site sends a cookie to the user's browser, which is disabled only when the user logs out of his her Facebook account. As the user visits various websites, the Like architecture will report back to Facebook whether the user has clicked on the Like button (even if the user doesn't click on this button, Facebook knows that you've been to this site and looked at this item). This social widget provides a history of a user's web-browsing habits that can be linked to personally identifiable information. The social plug-in architecture has the potential to be an especially powerful mechanism for behavioral advertising, though Facebook claims that (at least for the present) it anonymizes this tracking data after a period of 90 days.
Online photos on Facebook pages have also been a bone of contention. When users post a photo on their Facebook page, they can tag it with the names of the individuals in that photo. They can also establish links to the profiles of those individuals, assuming that they too have a Facebook page. Those who come to realize that they have been tagged can serve the link to their profile but can't do anything about the actual photo.
It remains to be seen whether Facebook can successfully fend off regulators in Europe and the United States and live up to the expectations of its investors, who expect the company to be able to exploit the commercial value of the information it collects. To this end, Zuckerberg has repeatedly sought to diminish privacy expectations and encourage Facebook users to share their information in the spirit of openness and greater connectivity.
Questions:
What is the problem that is described in the case?
What are the known facts (from the case or references provided)?
Who are the key people (stakeholders) involved?
What is the timeline of events?
What are the alternative courses of action that can be implemented to solve the problem?
Which of Facebook's past or present privacy policies do you find to be the most troubling? Which ones are not a 'big deal' in your estimation?
Should social media sites like Facebook be subject to more regulations to ensure the preservation of privacy rights?
How much do you think companies like Facebook really know about their users? How much of that knowledge can be a potential revenue source? What is the economic value of such user data?
