TrustArc Blog

Comments on Facebook’s Draft Privacy Policy

March 01, 2011

Fran Maier

Last friday Facebook unveiled a draft of their “Data Use Policy,” essentially a short-form privacy policy, presented in a layered format that employs simplified language and numerous examples for context. To be clear, this draft does NOT replace their existing privacy policy. Rather, it is meant as a “first look” at Facebook’s privacy and information policies. The company hopes to solicit public feedback to inform future iterations, iterations which could eventually be submitted as part of Facebook’s regular process of notice and choice and end up replacing their current privacy policy. If you would like to comment on their draft privacy policy you may do so here:

Facebook pre-briefed TRUSTe and prior to launch we will review and ensure that it is consistent with their privacy policy and practices. At TRUSTe we are advocating for all of our clients to supplement their legalistic privacy policy with a more accessible short notice such as this. We also recognize that given Facebook is “all about sharing“, Facebook’s short notice is not going to be as simple as let’s say, an ecommerce company’s.

Last year, Facebook was criticized for having a very difficult to understand privacy policy and privacy and data use practices. Facebook’s stated goals for the “Data Use Policy” were to make their privacy policies easier to understand, more visual and interactive, and focused on the most relevant privacy questions.

How does this draft stack up? It does a pretty good job. It’s definitely easier to read and understand then their existing privacy policy. It does a good job of explaining the “sharing” policies for the many relationships of different kinds you can have on Facebook – with friends, apps, pages, groups organizations.

The use of multiple visual examples to illustrate concepts and practices is certainly helpful, especially when walking users through the privacy settings (Click on “Information You Share On Facebook” here to see what I’m talking about). Directing consumers to their ad generation tool to explain “how advertising works” is a nice interactive touch and could certainly help demystify the Facebook ad targeting process for consumers. The choices Facebook users can access are easily accessible and explained.

As to the question of whether this draft focuses on the most relevant privacy issues, that may be a question best answered by the collective users of Facebook, so we encourage you to comment if you have a Facebook account.

How do we think Facebook can improve upon this draft? Developing a comprehensive, accurate, and accessible short privacy notice is difficult. Many of the concepts are difficult to convey concisely. Illustrations are helpful and Facebook could make it interactive with additional demos. For example, the ad generation tool or the “Preview how your profile appears to a specific person” feature. We also believe that Facebook could add icons to the policy landing

landing page, much like they already do on their safety landing page: . And should it be called “Data Use Policy” – let’s remember that consumers care about Privacy and that’s the best language for consumer communications.

As of this post the “Your information on other websites and applications” and the “Interactive Tools” section of their draft policy are not live, but, as always, we will continue to monitor and review Facebook’s iterations, whether they’re in draft form such as this or formal revisions submitted through their existing notice and choice process.

Assuming that the final draft meets our criteria, we are likely to direct consumers to this area as their first stop for privacy information.