subscribe: Posts | Comments

More Questions For Facebook: And Why “It’s Legal” May Not Be Enough Anymore

Comments Off on More Questions For Facebook: And Why “It’s Legal” May Not Be Enough Anymore

Sen. Jay Rockefeller (D. WV), current Chairman of the Senate Commerce Committee, has sent a note to Mark Zuckerberg.  It was not, as you might imagine, a friend request, or a request to play Mob Wars.  Instead, Sen. Rockefeller had a few questions for the reluctant star of The Social Networkregarding Facebook’s privacy enforcement efforts.  As you might guess, this missive was spurned on by the recent Wall Street Journalexpose on the widespread sharing of data by Facebook Apps.  In part, Sen. Rockefeller’s note included the following:

The Journal’s report raises serious questions about Facebook’s commitment and ability to enforce its own explicit privacy policies on behalf of consumers. One quoted Facebook official asserts that, “[o]ur technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information.” However, given the scope of the reported privacy breach and the fact that Facebook’s most popular apps are not abiding by your company’s rules, this assertion appears to be strained. Consequently, I request that you provide answers – with specificity – to the following questions:

1) How does Facebook enforce its Privacy Policy relating to affiliated application operators and websites? What logistical protocols are in place to promote maximum compliance? What resources, including the number of personnel, does Facebook dedicate to monitoring and enforcing application operators’ compliance with its Privacy Policy?

2) What penalties does Facebook impose on application operators and websites that violate the company’s Privacy Policy? Are offending application operators allowed to continue to do business with Facebook?

3) Does Facebook take steps to retrieve information from application operators found in violation of the company’s Privacy Policy?

4) The Journal article quotes a Facebook official that asserts the company has “taken steps… to significantly limit RapLeaf’s ability to use any Facebook-related data.” What exactly does this mean?

5) According to the Journal article, there appears to be a pattern of privacy infractions involving Facebook applications. Specifically, what other past problems has Facebook encountered with regard to applications, and what steps did Facebook take to rectify them? Are these applications still available on Facebook’s platform?

6) To the extent that personal data has been shared in violation of Facebook’s Privacy Policy, what steps has Facebook taken to notify individual users as to the specific information that has been mishandled, and who has had access to that information?

Now, here at Legally Social we are on record as being somewhat nonplussed by the “scandal,” but these are legitimate questions.  More critically, they underline an important fact about the world of social media and privacy: what you are obligated to do under the law at any given moment may have very little relevance as to whether you get into trouble. 

Let’s repeat that, because it is a dramatic change: just because something is “legal” in the world of social media doesn’t mean that it won’t still be a problem.  Because technology is evolving so quickly, and the law has not even remotely caught up (heck, there are legitimate arguments that copyright law hasn’t really ever caught up to the invention of the computer) there is a significant gap between the expectations of consumers and legislators and the laws and regulations as actually written.   When the gap between expectations and “reality” is big enough, there is a tendency for regulators and legislators to simply look for creative ways to fit square pegs into round holes — to find some way to punish “wrongdoers” regardless of whether or not the law actually was meant to address the issue at hand.

We appear to be approaching such a moment right now, and it is thus a precarious time.  Rather than merely address the simple question of “what is legal,” lawyers and social media entrepreneurs need to consider other possibilities, including questions of “what is going to get me hauled in front of a congressional committee,” and “what is going to put me in a political advertisement in the Attorney General’s race in some random state.”  This does not mean that social media needs to be more conservative; rather, it means that social media needs to be more creative about disclosure, consent and enforcement.  In the end, being questioned by congress is not a big deal, so long as you have compelling answers to provide.  Right now, that’s the key takeaway from Facebook’s growing pains, and the meteoric rise of Web 2.0.