Facebook’s new plain language privacy policy

George Nathanael is a JD candidate at Osgoode Hall Law School.

On October 29, Facebook published a new privacy policy that it hopes will allow users to better understand the uses of the information supplied to the website. Elliot Schrage (VP of Global Communications, Marketing and Public Policy), introduced the new policy on Facebook’s blog by saying that “[t]his is the next step in our ongoing effort to run Facebook in an open and transparent way”. Earlier this year Facebook took a similar approach when it released its Statement of Rights and Responsibilities, which contained less legalese than its predecessor, the Terms of Use.

Facebook, having over 300 million users worldwide, has drawn much attention over the last couple of years over concerns relating to the vast amount of personal information it administers. In fact, this past summer the Privacy Commissioner of Canada released a report of findings in response to a complaint made against Facebook for alleged breaches of the Personal Information Protection and Electronic Documents Act (PIPEDA). Schrage stated that, “[i]n this revision, we’re fulfilling our commitment to the Privacy Commissioner of Canada to update our privacy policy to better describe a number of practices”. An issue that was raised a few times in the report was the general difficulty navigating the site to find explicit descriptions of implications of particular features. For example, the difference between deactivating and deleting an account was deemed to be unclear, as the two options were arrived at and explained on different pages, and the deletion option was never quite accessible to begin with from within a user account.

The new policy is now separated into eight sections: 1. Introduction, 2. Information We Receive, 3. Information You Share With Third Parties, 4. How We Use Your Information, 5. How We Share Information, 6. How You Can View, Change, or Remove Information, 7. How We Protect Information, and 8. Other Terms. This policy remains quite similar in substance to the previous one, but the use of plain language and multiple examples make it much simpler to follow and understand. Facebook also seems to be very open with respect to the potential uses of information, such as by third party application developers, despite the possibility of potential users being too worried to join after reading.

Users were given the opportunity to give feedback by commenting on each of the eight sections within a period of one week, however, by the end of this period most sections had only about a hundred comments each, with the introduction having the greatest number at 237. As stated on November 5, on the Facebook Site Governance page, the “total number of comments did not reach the threshold to hold a vote”. Apparently in order for that to have happened, 30% of active users (i.e. those who have logged into the site within the past 30 days) would have had to have participated in the feedback. Despite this, it was promised that the posted comments would be read, though it was not mentioned that they would actually be considered.

In light of the fact that so few users commented on the new privacy policy, it is questionable how much of an impact this change will actually have on the number of new individuals signing up. Though it is nice to possess this knowledge in more substantial terms, I would imagine that most people would have continued using Facebook as they had before. Nonetheless, as the Assistant Privacy Commissioner of Canada stressed when releasing that report of findings over the summer, users should be able to understand what they are getting into. This is definitely a step in the right direction, and Facebook should be commended for its efforts.