Should Social Network Privacy Settings Be Regulated?

Recent changes to Facebook's user privacy policy are drawing the ire of more than just hastily arranged protest groups promising action if they can only reach 1 million members. After Facebook announced its new policy, which will allow the social networking site to share user information and curtail users' ability to keep information private, Senators Schumer, Bennet, Franken and Begich sent a letter to Mark Zuckerberg expressing their concern over the privacy changes. The letter outlined three areas of concern:

1. Facebook's new policy makes publicly available a user's current city, hometown, education, work, likes, interests and friends. Users must either allow this information to remain available or delete it entirely. The letter argues that users should have more control over what information is public.
2. Third-parties can store users information indefinitely, up from 24 hours under Facebook's previous policy. The letter recommends either reverting to the 24 hour policy or making users opt-in before allowing their information to be stored indefinitely.
3. Partners for Facebook's new "instant personalization" feature have access to user's friends list. While users are currently allowed to opt-out, the letter argues that it should be a clear and coherent opt-in provision.

Senator Schumer also sent a letter to the Federal Trade Commission urging them to set guidelines on the use of information submitted by users of social networking sites like Facebook, Myspace and Twitter. The Senator is prepared to offer legislation authorizing the FTC to examine practices in the disclosure of private information from social networking sites and to ensure users have the ability to prohibit the sharing of personal information.

Asking the FTC to regulate broadly across all social networks might not be the best solution. Will professional networking services like LinkedIn be included under the FTC regulations? It's pretty safe to assume the interests and privacy concerns of LinkedIn users differ from those of Myspace users. That said, the FTC may be able to find some common ground for minimum privacy standards, leaving individual services free to give their users a higher level of control.

The truly egregious act by Facebook wasn't setting the privacy controls at the current level, it was pulling a privacy bait-and-switch on its users. Facebook got 400 million people to sign up to use a service, including entering personal information, based on privacy rules that allowed them to strictly limit who could see that information. Once an enormous amount of valuable information had been put online, Facebook gradually started rolling back the amount of control users had over their own information.

If the government is going to play any role in regulating social networking sites, it should focus on ensuring smooth and transparent transitions when privacy policies change. Protect users from being defrauded into posting personal information under the illusion of privacy only to have all the information made public by future changes. If a user enters information under one privacy policy, that policy should continually apply to that information unless affirmatively waived. Facebook's new policy should only apply to information entered after the changes were made.