It’s been coming for some time. There were stray lawsuits in the US, but most were dismissed by the courts. However, now the European Commission has announced that it plans to bring in a new directive that will stop the way social media sites—read Facebook—collect and use information about their users without them knowing about it.
It all started this summer, when Austrian law student Max Schrems, while researching a paper on privacy law, asked Facebook to turn over all the data the site had collected on him. Facebook sent him a CD containing more than 1,200 pages of wall posts, messages, removed friends and so on. The trouble was: Schrems had deleted most of that activity, but Facebook had retained it.
So Schrems and some fellow law students filed 22 complaints with the Irish Data Protection Commissioner over how Facebook stores its users’ information. (Facebook’s Ireland office handles issues outside the US and Canada.) Schrems also set up a website, europe-v-facebook.org to spread the word.
Now the European Commission has responded, with its vice-president Viviane Reding saying: “I call on service providers – especially social media sites – to be more transparent about how they operate.
Users must know what data is collected and further processed (and) for what purposes. Consumers in Europe should see their data strongly protected, regardless of the EU country they live in and regardless of the country in which companies which process their personal data are established.”
As most of us know, Facebook gathers information from members’ activities—whatever their individual privacy settings—and makes it available to advertisers. And it’s not only the users’ personal details and “likes”, but also details about their friends, family, educational background, whatever they are sharing with their friends, what music they are listening to via the site, the works. It stores messages and chats and keeps them on its database even after they are deleted by those involved in the private online conversations.
Hundreds of thousands of websites have the Facebook “Like” button on them. If you are a Facebook member and visit one of those sites, an exchange of cookies takes place between your machine and Facebook (which already has cookies on your machine), so Facebook knows where you went. (Please note, you don’t have to click the Like button for Facebook to know that you visited this site.) If you are not a Facebook member and click the Like button, you get a pop-up window asking you to log in to Facebook. And even if you don’t, and just close the window, Facebook still sends a cookie to your machine and tracks your comings and goings on the net!
And all of Facebook’s 800 million users have agreed to let the company use their personal information, because when they sign up, they have to approve a contract, which licenses Facebook to use their data as it sees fit. Do read the contract if you want to, before clicking “Yes”—it’s only 4,000 words long.
The payoff for Facebook: revenues through more sharply targeted advertising than any other media product can offer. To be fair, it has repeatedly said that it does not reveal data on any individual, only aggregated data. That is, if, say, an advertiser asks for its ads to appear on the walls of all Chennai-based male users, between 25 and 35 years of age, post-graduate, Hindu, smoker, gay, insomniac, have just broken up from a relationship, are fans of Ayn Rand and Arsenal, visit weirdworld.com regularly, hate Mickey Mouse, and have listened to Kolaveri DI more than 15 times in the last 72 hours, Facebook can do that for the advertiser. Because it culls and classifies everything that you doing on or through Facebook—every status update, every comment, every smiley, every link you click on.
The European Commission directive, to be issued in January, will ban such targeted advertising unless users specifically allow it.
If this comes through, it would be a huge blow for Facebook, as far as its main source of revenues—advertising—goes.
But more chilling than what anonymous advertisers could know about you through Facebook—after all, they just want to sell you some stuff, which you are free not to buy—are the findings of a research by Carnegie-Mellon scientists, who recently demonstrated that how commercially available facial recognition software can be combined with social network data to match individuals out in public with online personas such as on Facebook or dating sites, as well as infer additional sensitive information, even people’s social security numbers. Which means, and this is no longer theory, you can be on a street or in a crowd, and as long as your face is captured by a camera in the control of someone who can use the database linkages, you are no longer private.
The facial recognition technology that the Carnegie-Mellon researchers used in their project, PittPatt, was acquired a few months ago by Google. Is it time to start getting scared?