Facebook, which is overseen by Irish data protection regulators in the European Union, said that it recently proposed changes to its data-use policy and its statement of rights and responsibilities. The changes give users more detailed information about shared data including “reminders about what’s visible to other people on Facebook.”
“We will be seeking urgent further clarification from Facebook Ireland and if we consider that the proposed changes require a specific consent from EU users we will require Facebook to do this,” Gary Davis, Ireland’s deputy data- protection commissioner, said in an e-mail today.
Davis’s office in September concluded a review into Facebook that pushed the owner of the biggest social-networking site to delete data collected from users within the EU for its facial-recognition feature. Norway’s data-protection regulator said in August it was reviewing how the feature worked and what information Facebook was storing.
“We note that this is the consultation stage of their process and that until that stage is over these changes will not be tabled to users,” said Davis. “We are currently examining the proposed changes and consider that further clarity will be required in relation to the full effect of some of the changes.”
Changes Announced in Blog Post
Facebook said Wednesday that will continue to let users comment on proposed updates.
The world’s biggest social media company said in a blog post that its voting mechanism, which is triggered only if enough people comment on proposed changes, has become a system that emphasizes quantity of responses over quality of discussion. Users tend to leave one or two-word comments objecting to changes instead of more in-depth responses.
“We will also provide additional notification mechanisms, including email, for informing you of those changes,” wrote Elliot Schrage, Facebook’s vice president of communications, public policy and marketing, in the post.
Facebook began letting users vote on privacy changes in 2009. Since then, it has gone public and its user base has ballooned from around 200 million to more than 1 billion. As part of the 2009 policy, users’ votes only count if more than 30 percent of all Facebook’s active users partake. That did not happen during either of the two times users voted and it’s unlikely that it will now, given that more than 300 million people would have to participate.
Jules Polonetsky, director of the Future of Privacy Forum, an industry-backed think tank in Washington, said the voting process was a “noble experiment” that didn’t lead to informed debate.
Facebook said in June that it was reviewing how to get the best feedback from users on its policies.
Facebook is also proposing changes to its data use policy, such as making it clear that when users hide a post or photo from their profile page, the “timeline,” those posts are not truly hidden and can be visible elsewhere, including on another person’s page.
Polonetsky called Facebook’s data use policy “kind of a good handbook” and a “reasonable read” on how to navigate the site’s complex settings.
But most people don’t read the privacy policies of websites they frequent, even Facebook’s.
“I certainly recommend that people read it, but most users just want to poke someone and like someone and look at a picture,” Polonetsky said.
Facebook’s task, he added, will be to continue to evolve its user interface — the part of the site that its users interact with — so that answers to questions are obvious and people don’t need to wade through the policy.
Facebook said that the company expects “to maintain a continuous dialogue” with the agency as its services evolve.
“As our regulator in Europe, we are in regular contact with the Office of the Irish Data Protection Commissioner to ensure that we maintain high standards of transparency,” Facebook said in an e-mailed statement.
Facebook Ireland provides service to the Facebook users outside the U.S. and Canada, according to the agency, which in 2011 began reviewing Facebook’s compliance with Irish and EU data-protection rules.
Data protection is currently policed by separate regulators across the 27-nation EU. The EU’s executive body wants to simplify the system so companies deal with only one data- protection regulator in the zone.
(Bloomberg and The AP contributed to this report.)