Case Study: The Privacy Challenges of Facebook and Instagram

Facebook—along with Instagram, the photo sharing site that the company purchased in 2012— struggles with thorny privacy and ownership issues. The site's loyal users rely on it to share news, photos, videos, and special moments with their friendship networks, but their personal information and preferences can leak out in ways they often don't understand.

Facebook's Privacy Policies: A Moving Target

Facebook frequently changes its privacy policies, and every tweak can either reassure users that their data is safe or cause further alarm. In 2005, when the site was called "The facebook," the policy was very simple: No personal information that you submit will be available to any user of the web site who does not belong to at least one of the groups specified by you in your privacy settings. Years later, the privacy policy stretches to thousands of words in legalese. Lawyers write much of this text, using language they hope will satisfy regulators and privacy advocates, but that often confounds users.

One change that users called "creepy" happened in 2007, when Facebook launched a service that could track people's actions on third-party websites and broadcast that information to their Facebook friends. Users objected to this lack of control, and Facebook soon dropped the practice. In 2010, the company decided to have the user's privacy account settings default to "everyone," so that anyone could view the information unless the user proactively altered the privacy settings to limit access to friends. After privacy advocates protested, Facebook reversed course and changed the default to more restrictive settings.

The Facebook Places service, launched in 2010, raises additional concerns about privacy. This service allows you to "check in" so others can see your current location on a map. Facebook defaulted the setting to "friends only," having learned from experience that a default to "everyone" would trigger objections. The service also offers you the option to broadcast your location to other users who happen to be nearby but are not in your friends network; however, that was prudently disabled by default.

Just after Facebook purchased Instagram in 2012, the company promptly announced a change in Instagram's privacy and ownership policies to take effect in 2013. According to the new policy, Facebook claimed a perpetual right to license all public Instagram photos, allowing them to sell the photos to companies for advertising purposes. Imagine for a moment how Instagram might sell your vacation photos to the hotel where you stayed to use in its ads, without paying you or even notifying you. Instagram users were outraged, and the online firestorm caused Facebook to back off some of the language. The company still claimed the right to associate sponsored ads with users' photos, though.

Social Marketing and S-Commerce

Facebook is in a unique position for marketing because the site has so much information about what you like, who your friends are, and what they like. While search engine marketing relies on the keywords you enter, social marketing can tap into a deeper understanding of your behavior patterns. It can also draw on whatever influence you have on your friends and turn products into overnight sensations through viral marketing. For instance, Facebook introduced "Sponsored Stories" as a way for advertisers to let your friends know whenever you click the "Like" button on their brand or check in at one of their stores.

With more companies establishing a Facebook presence, more Facebook users are going through those pages to make purchases, often based on the "likes" of their network friends. This kind of social commerce (s-commerce) is growing rapidly, making the privacy issues even more important. Privacy advocates argue that there should be some way for users to opt out of Sponsored Stories. Many people don't want their "likes" to be shared and don't want their faces appearing in ads targeting their friends.

In 2013, Facebook offered to settle with Facebook users whose name or image appeared in Sponsored Stories without their permission. Over 614,000 people filed a claim and they each received about $15.

Facebook Apps from Third Parties

The third-party companies that develop applications for Facebook have also come under fire for privacy breaches. These companies make agreements with Facebook so that users can access social games and activities like Farmville, Texas HoldEm Poker, and Family Tree Builder. However, some applications were collecting information about users in a way that violated Facebook's own privacy rules, all without the user's permission. In one case, the information was transmitted to a company that compiles dossiers on individuals to use for targeted advertising. Facebook disabled the applications involved in the scandal, and the company continues to block apps that violate its policies.

Social gaming and online marketing have become so complex, however, that it is possible some of the third-party developers did not even know they were breaching privacy rules. Facebook's policies prohibit the third-party apps from transfer-ring personal information to marketers, but the technical challenges of complying are daunting.

Challenges Ahead

Managing privacy becomes more complicated for Facebook as the site's capabilities expand. The myriad privacy settings confuse users, although Facebook has made headway by revising its interface, trying to make each setting more comprehensible. The company's default and recommended settings may permit more sharing than you prefer, but you can further restrict access to each category of information to just friends, specific friends, friends of friends, or just to yourself. Facebook also introduced a "hide" setting so you can identify certain friends in your network who should not be allowed to view photos or other categories.

The fact that users don't have much control over what other people upload is an-other challenge for privacy. Once a friend uploads a photo that tags your image with your name, the friend's privacy settings have control over who sees that photo on his or her page, and those settings might cause trouble. Facebook added a "Report/Remove tag" feature, so a user who objects to a photo posted by someone else can at least remove the tag that identifies him or her, and also ask the poster to take the photo down.

With a worldwide footprint, complying with privacy laws in all the countries in which users live is another immense challenge. European regulators, for example, insist that Facebook should safeguard user data according to the EU's privacy rules. They also recognize, however, that laws vary from one country to the next in the European Union, so they are trying to harmonize the maze of privacy rules for online data. But even if that effort succeeds, the resulting privacy laws will probably not match those in the United States and other countries.

Finally, a nagging challenge is whether fickle fans will get "Facebook fatigue" and begin dropping Facebook in favor of other social networks, or possibly choose to use none at all. The number of users in the United States has dropped by almost 4 million in the early months of 2013, and user numbers in Japan, Indonesia, South Korea, and other countries dropped even further in percentage terms.

When Facebook was first launched, an important competitive advantage was its exclusivity. The site targeted college students, first at Harvard, Stanford, Columbia, and Yale, and then at other colleges and universities. Users built their social networks from their college connections. As it expanded, Facebook opened its doors to every-one. People who want to maintain a social network have many more options now at sites such as Twitter, LinkedIn, Pinterest, Orkut, and Google+.

Privacy could well become a much bigger threat to Facebook's future, as more people decide to opt out altogether. Despite all the tweaks to improve privacy controls and the reassurances about data protection, people may decide that liberal information sharing is just too risky, whether on Facebook or any other social network.

The risk is certainly real. In 2013, Facebook users were shocked to learn that the company maintains "shadow" profiles on each of them. These invisible profiles combine data that users willingly upload to the site with other data Facebook obtains about them. For example, a friend might upload an address book that contains your private cell phone number; Facebook links that to your shadow profile.

To earn revenue, however, Facebook has to find ways to monetize its most valuable asset: user data. If advertisers can't benefit from Facebook's "big data" for marketing, they won't pay for ads. This puts Facebook in an awkward position.

Since its launch in 2004, Facebook has continually broken new ground. Perhaps it is not surprising that founder Mark Zuckerberg admitted candidly, "Basically, any mistake you think you can make, I've probably made it, or will make it in the next few years."

Q. How does the default selection of sharing versus not sharing information impact the subsequent choices of individual users?

Your answer must be typed, double-spaced, Times New Roman font (size 12), one-inch margins on all sides, APA format and also include references.