In what it presumably hopes will be seen as swift and stern action to inform and protect its users, Facebook announced new terms of service and a new data policy on Wednesday. Don’t worry, though, it’s not like the company has gone soft in its war on privacy. It’s just more explicitly copping to the stuff people are already mad about.
The new terms and data policy came with a stiffly-worded blog post from Facebook chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer. “We’re making our terms and data policy clearer, without new rights to use your data on Facebook,” reads the headline. If the bullet notes they provide about the additions are accurate, Facebook hasn’t so much radically changed its policies as much it has clarified exactly how much of your digital life it lords over and why that’s okay. Tellingly, the announcement post repeatedly emphasises how the new documents better “explain,” “spell out” or “make clear” Facebook’s various old practices.
Take Facebook’s habit of collecting phone and text message history, for example. While Facebook says it has “added more specific information” about the feature, which is an opt-in experience for Facebook Lite and Messenger, the social network is not going to stop doing it. Just last week, Facebook defended the practice in the face of a public outcry, claiming that it “helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook.” That sounds similar to what Mark Zuckerberg said back 2007, when Facebook became a platform that let developers build custom apps and collect Facebook user data. We all know from the Cambridge Analytica scandal that sparked the most recent Facebook crisis that there were some serious side effects to that strategy.
Speaking of Cambridge Analytica and third-party developers, Facebook is still going to let them collect and store user data. But there are rules. Basically, developers can track people around the web and save information about who they are and what they’re doing, but they need the users’ permission to do so. For example, developers can collect Facebook account information—name, email, gender, birthday, current city, and profile picture URL—and then store it, even if they stop using the Facebook platform. But they need the users’ permission. As we know from the Cambridge Analytica debacle, however, plenty of Facebook users give unknown developers permission to do all kinds of crazy things without realising the implications.
So Facebook’s data policy still allows a tremendous amount of tracking. Just look at this snippet from the top of the Facebook Platform Policy, which contains 23 different features and is just one part of the much larger data policy. It says that developers must:
Obtain adequate consent from people before using any Facebook technology that allows us to collect and process data about them, including for example, our SDKs and browser pixels. When you use such technology, provide an appropriate disclosure:
Again, you have to click through several pages of policy to get to this level of granular detail. It’s there, but I would hardly describe it as easy-to-find or easy-to-read.
Both the new terms and the new data policy just dropped, so we’ll need to spend more time sorting through them to see what kinds of meaningful changes are in there. If what Facebook promises is true, we should at least have a little more clarity about how Facebook uses its data. If the sheer size and labyrinthine layout of the policies are any indication of the company’s future, though, it’s hard to think that Facebook is making big changes in the face of a big problem. So far, it just seems like more of the same tricks in a slightly different package.