This is not likely going to be my normal type of entry, but given the uproar and potential confusion I thought a quick note might be in order.
The Story
As you may have heard (first reported here) Mr. Smith logged into Facebook and saw a picture of his wife, Cheryl Smith, in the "hot singles" ad he was presented. This story and the supposed steps necessary to prevent this from occurring were picked up and spread like wildfire across the web. Facebook's Terms of Service (TOS) allowed this!?!? Even Cheryl Smith wrote about it in her blog. And I admit, when I first read the information I followed the steps and emailed my wife, suggesting she do the same.
But wait. Facebook chimed in yesterday and said in effect, the ads were the result of some misbehaving 3rd party advertisers. The ads have been removed and, "..we've recently prohibited two entire advertising networks from providing services to applications on Facebook Platform because they were not compliant with our policies and failed to correct their practices." Not mentioned in their post, but mentioned elsewhere is that the commonly recommended steps would not have stopped the ads from appearing because they were generated by the application installed by Mr. Smith and not by Facebook's advertising system.
As outlined in their response to the furor on their blog, Facebook has long (more than a year) used your profile photos on its own advertising system to promote products or services with which you are already directly connected (emphasis mine). And you know what? Some people just don't mind.
What to do now
If this use of your activity and content (including your profile photo) is news to you and/or you would prefer this not to occur in the future, you can follow my version of the handy, now-repeated ad-nauseam steps to disallow it.
To remove permission for Facebook to use your activity and content (including your profile photo) in promoting products and services to which you already have a direct connection you can change your requisite privacy settings by doing the following while logged into your Facebook account.
- Under the Settings menu select Privacy Settings
- Click on News Feed and Wall (3rd item down)
- Click on the tab labeled Facebook Ads
- In the select box next to Appearance in Facebook Ads select No one
Where do we go from here
This whole incident raises a whole host of issues and questions for organizations both using social media or not. Many of them are not new nor unique to social media, but it may be that the use of social media is bringing them to your full attention for the first time. They include:
Information and Content types:
- What behavioral information are you going to collect from your users and/or customers?
- What user provided personal information will you collect? (e.g. via registration forms)
- Are you utilizing user contributed content?
For each category of information and/or content:
- Who owns the information or content?
- Who has access to the information or content?
- Who has rights to its use? Under what terms and conditions? And for how long?
- Can a user remove it? How?
- Are your rights and/or license to use that content exclusive? Are they transferrable? Under what terms and conditions? And for how long?
From a process perspective
- What do you do to protect customer data?
- What and how do you share user and/or customer information with 3rd parties?
- How do you notify users and/or customers that that use has or will change?
- If users can remove their information or content, what steps do they need to do so? What steps internally must you do to successfully act on that request?
I suspect that these off the cuff questions only scratch the surface. If you think of any additional issues or questions let me know. I will address these questions and others in later posts.
That Facebook story was pretty amusing, I'd heard about it before but hadn't seen the links you included.
Having to sign up for Moveable Type presents a barrier to the commenter - anonymous commenting should be allowed.
I thought so, too.
I have been going back and forth on whether to enable anonymous commenting or not. I don't want to deal with a lot of spam, but I'm interested in what people think, so...
I have now enabled anonymous commenting (with a valid email address - we'll see how that works) as well as the following:
* OpenID
* Google
* Yahoo!
* AIM
Facebook and Typepad are on my list to do soon.
Doing some browsing and noticed your blog looks a bit messed up in my K-meleon browser. But luckily hardly anyone uses it anymore but you might want to check it out.
That's good to know. Even though as you point out, K-meleon would seem to be a browser with a small user base, I would be interested in seeing what it looks like. This blog (or rather my updates to it) are on hiatus, but when I return to it I will try to look into it. If you get a minute and have any screen snapshots that you could send me that would be great.