For many years I have had significant misgivings about Facebook’s approach to protecting personal information. Despite this I kept a Facebook account as a means for my friends to update me on what they were doing (rather than me updating them, as I just did not trust that Facebook would protect my personal information). All my misgivings came out in stark relief as a result of the Cambridge Analytics scandal that has finally rocked Facebook, even if only slightly.
As privacy experts I believe we need to walk the walk when it comes to privacy issues. When you read the privacy notice on our website you will see that we have no personal information about our visitors so obviously we can’t sell it, store it, or use it. And we expect you to hold us accountable for this statement if we lied to you.
As a Facebook user my worry has been that I don’t truly understand the way my personal information is used. For example, this sentence in the Facebook Data Policy really doesn’t help me understand whether I object to what Facebook is doing or not doing:
‘We work with third party companies who help us provide and improve our Services’.
The point here is that their data policy is so GENERAL – stunningly ironic when it comes to Facebook. Facebook’s real power has been in personalising the user experience so that it is all about my likes, my dislikes, my friends, my interests. In fact, Facebook claims that it is ‘passionate about creating engaging and customized experiences for people’. So, don’t tell me that a company this big and with so many resources that it can personalise its content to such a startling degree, that furthermore claims it is ‘passionate’ about this, cannot find a way to give me my privacy notice and say how they used my (not everyone’s) personal information.
The problem is that this generalised approach suits companies like Facebook. A statement like: ‘We are able to deliver our Services, personalize content, and make suggestions for you by using this information to understand how you use and interact with our Services and the people or things you’re connected to and interested in on and off our Service’, doesn’t sound so bad, but when you actually see precisely how that information has been used, you are for the first time empowered to give consent (or not) to the use of your personal information.
This concept is vital for the protection of privacy, a point which is supported by the definition of ‘consent’ in the Protection of Personal Information Act (POPIA). Consent is:
‘…voluntary, specific, and informed expression of will…’ I don’t think that any of us are really ‘informed’ about what Facebook does with our personal information nor can we be until such time as personalised privacy notices are available. While this may not be easy for all companies to do, it is crystal clear that it is within Facebook’s ability.
So, until Facebook automatically generates a personalised privacy notice for me that shows exactly how they use my personal information, I just don’t trust them enough even to have an inactive Facebook account with very little of my personal information.
And so for all the other #deletefacebook supporters, here is some help about how to delete Facebook (not just deactivate it). However, be warned, Facebook doesn’t delete your account for 14 days even though you have specifically told them to.