Limits of Privacy on Facebook

Despite Facebook’s “Privacy Settings”, Your Information Might Not Be So Private

By Michael Feldman

With over 800 million users, there is a good chance that you, a family member or a business colleague uses Facebook. Many people assume that their posts and information viewed on Facebook is only available to their “friends.” Such an assumption would be wrong for several reasons.

First, your information is only private to the extent you affirmatively check certain boxes for your Facebook page. If you fail to select the appropriate settings, you will be allowing more than your “friends” to view your personal information. Remember that these settings involve not only limiting what the general public can see, but what advertisers and other websites you visit can see about your Facebook page (even if you are not logged on to Facebook at the time). Therefore, consider adjusting your privacy settings in the category marked “Apps, Games and Websites” and “How people bring your info to apps they use.” To maximize your privacy, turn off all platform apps.

Second, unlike Google+, Facebook does not make it easy to create different categories of “friends”, each of which only has access to limited information. Rather, once you make someone your “friend” – whether that person is a true friend, your boss or co-worker, someone you met last night, or even a celebrity you never met – that “friend” has the same access to your personal information that your best “friend” has. Though the user can block off certain “friends” from certain information, the process to do so is neither obvious nor simple. Such sharing of personal information would never occur outside of online social networking sites.

Third, you might never know what personal information Facebook or other social networking sites actually share. As you may have heard, Facebook just settled a Complaint by the Federal Trade Commission (“FTC”), which alleged that Facebook deceived consumers by asserting that their information would be private, then making it Public. Pursuant to the settlement, Facebook must now be honest in what it tells users, provide users with notice before changing its privacy settings (assuming the user actually reads these) and will undergo privacy audits every 2 years for the next 20 years. The settlement is far from perfect from a consumer viewpoint. The settlement is unclear about whether Facebook can share your information with advertisers – the primary source of Facebook’s revenue. In addition, though Facebook has to disclose its privacy policy to users, there is no requirement that the policies be in language easily understood by its users, as opposed to legalese. Perhaps most disturbingly to some is that the settlement keeps Facebook’s users in the dark about the results of the FTC’s investigation. Therefore, the taxpayers who paid for the investigation and the alleged victims – the Facebook users – will not know what privacy violations have already occurred. Thus, Facebook users may never know how their personal information has already been used, sold or distributed.

Fourth, several recent Court decisions have held that your Facebook page is not necessarily private. That is, litigants have obtained access to Facebook pages (among other social networking sites like MySpace) to prove their case. For example, in one case, a plaintiff claimed she was injured and unable to participate in activities she previously enjoyed. Against her objection, her adversary obtained access to her Facebook and MySpace pages to prove that the plaintiff was lying. The defendant was even able to gain access to “deleted” information from those pages. Similarly, other Courts have held that you have no “right to privacy” in your Facebook or MySpace pages because those companies do not guarantee complete privacy. As a result, employees have been terminated for information they posted online.

Fifth, your “friends” can share your information without your permission. Unauthorized sharing has also occurred as a result of viruses or hackers, both of which are rampant.

Sixth, never assume that what you delete is truly deleted. It is not. “Deleted” information is usually stored for an extended period of time with or without your knowledge.

The bottom line is that you should be very careful when you post information on a social networking site such as Facebook. You should assume that despite your privacy settings, the information may potentially be seen, shared or obtained by other than your “friends” without your explicit permission or knowledge. Notwithstanding, it is also critical that you take advantage of the privacy settings available and be familiar with the privacy policy of your social networking site to maximize your privacy. You would not allow strangers to wander your house or office, so do not let them wander your Facebook page.