Home > Compliance, Facebook, Information Security > Who owns and regulates MY Facebook data?

Who owns and regulates MY Facebook data?

I am also the editor of the Neohapsis Labs blog. The following is reprinted with permission from

http://labs.neohapsis.com/

My previous post briefly described the data that makes up a user’s Facebook data and this post will try to shed light on who owns and regulates this data.

I am probably not going out on a limb here to say that the majority of Facebook’s registered users have not read the privacy statement. I was like the majority of users myself, in that I did not fully read Facebook’s privacy statement upon signing up for the service. Facebook created a social media network online, and there were few requirements previously defined for such types of business in America or the world. A lack of rules, combined with users constantly uploading more data, has allowed Facebook to maximize the use of your data and create a behemoth of a social media networking business.

Over time, Facebook has added features to allow users to self regulate their data by limiting others (whether Facebook users or general Internet public) from viewing certain data that one might want to share with only family or specific friends. This provided a user with the sense of ownership and privacy as the creator of the data could block or restrict friends and search providers from viewing their data. Zuckerberg is even quoted by WSJ as saying “The power here is that people have information they don’t want to share with everyone. If you give people very tight control over what information they are sharing or who they are sharing with they will actually share more. One example is that one third of our users share their cell phone number on the site”.

In addition to privacy controls, Facebook gave users more insight into their data through a feature that allowed a user to download ‘all’ their data through a button in the account settings. I placed ‘all’ in quotes because, while you could download your Facebook profile data, this did not include data including wall comments, links, information tagged by other Facebook users or any other data that you created during your Facebook experience. Combined, privacy controls and data export are the main forms of control that Facebook gives to their users for ownership of profile, pictures, notes, links, tags and comment data since Facebook went live in 2004.

So now you might be thinking problem solved; restricting your privacy settings on the viewing of information and downloading ‘all’ your information fixes everything for you. Well, I wish that was the case with Facebook business operations. An open letter by 10 Security professionals to the US Congress highlighted that this was not simply the way things worked with Facebook and third party Facebook developer’s operations. Facebook has reserved the right to change their privacy statement at any time with no notice to the user and Facebook has done this a few times, to an uproar from their user base. As Facebook has grown in popularity and company footprint, security professionals along with media outlets have started publishing security studies painting Facebook in a darker light.

As highlighted by US Congress in December 2011, Facebook was not respecting user’s privacy when sharing information to advertisers or when automatically enabling contradicting privacy settings on new services to their users.  Facebook settled with the US Congress on seven charges of deceiving the user by telling them they could keep their data private.  From my perspective it appears that Facebook is willing to contradict their user’s privacy to suit their best interest for shareholders and business revenue.

In additional privacy mishaps, Facebook was found by an Austrian student to be storing user details even after a user deactivates the service. This started an EU versus Facebook initiative over the Internet that put heat on Facebook to give more details on length of time data was being retained for current and deactivated users.  Holding on to user data is lucrative for Facebook as this allows them to claim more users in selling to advertising subscribers as well as promoting the total user base for private investor bottom lines.

So the next step one might ask is “who regulates my data held by social media companies?” Summed up quickly today, no one outside Facebook is regulating your data and little insight is given to users on this process. The governments of the US, along with the European Union, are looking at means of regulating Facebook’s operations using things such as data privacy regulations and the US/EU Safe Harbor Act.  With Facebook announcing their initial public offering of five billion USD there is soon to be more regulations, at least financially, to hit Facebook in the future.

As an outcome of the December 2011 investigation by the United States Congress, Facebook has agreed to independent audits by third parties, presumably of their choosing. I have not been able to identify details regarding the subject of these audits or ramifications for findings from an audit. Facebook has also updated the public statement and communication to developers and now states that deactivated users will have accounts deleted after 30 days. I have yet to see a change in Facebook’s operations for respecting their user’s privacy settings when pertaining to third parties and other outside entities – in fairness they insist data is not directly shared for advertising; although some British folks may disagree with Facebook claims of advertising privacy.

From an information security perspective, my ‘free’ advice to businesses, developers and end users, do not accesses or give more data than necessary for your user experience as this only brings trouble in the long run. While I would like to give Facebook the benefit of the doubt in their operations, I personally only give data that I am comfortable sharing with the world even though it is limited to friends.  In global business data privacy regulations vary significantly between countries, with regulations come requirements and everyone knows that failing requirements results to fines so business need to think about only access appropriate information and accordingly restricting access.  For the end user, or Facebook’s product, remember that Facebook can change their privacy statement at their leisure and Facebook is ultimately a business with stakeholders that are eager to see quarter after quarter growth.

I hope this post has been insightful to you; please check back soon for my future post on how your Facebook data is being used and the different entities that want to access your data.

  1. April 20, 2013 at 5:04 pm

    I truly love your blog.. Great colors & theme.
    Did you create this website yourself? Please reply back as I’m trying to create my own personal blog and would love to know where you got this from or what the theme is called. Thank you!

  2. May 3, 2013 at 4:23 am

    Way cool! Some very valid points! I appreciate you writing this post plus the rest of the website
    is extremely good.

  3. May 10, 2013 at 7:07 am

    I’m amazed, I must say. Rarely do I come across a blog that’s equally educative
    and engaging, and without a doubt, you have hit the nail on the
    head. The problem is an issue that too few men and women are speaking intelligently
    about. I am very happy I came across this during my hunt for something concerning this.

  4. May 12, 2013 at 1:59 pm

    Fabulous, what a webpage it is! This blog gives useful
    facts to us, keep it up.

  5. May 14, 2013 at 9:45 pm

    I am sure this piece of writing has touched all the internet users, its really really nice post on building up
    new webpage.

  6. May 16, 2013 at 9:04 pm

    I always used to read post in news papers but now as I am
    a user of internet therefore from now I am using net for content, thanks to web.

  7. May 22, 2013 at 3:53 am

    It’s remarkable to visit this web site and reading the views of all mates about this article, while I am also keen of getting know-how.

  8. June 18, 2013 at 1:45 pm

    Thanks for the good writeup. It in truth was a amusement account it.

    Glance complicated to far introduced agreeable from
    you! However, how could we be in contact?

  9. July 16, 2013 at 10:07 am

    Everything is very open with a clear clarification of the issues.
    It was truly informative. Your website is very useful.
    Many thanks for sharing!

  10. July 16, 2013 at 8:55 pm

    Great blog here! Also your website loads up fast!
    What host are you using? Can I get your affiliate link to your
    host? I wish my web site loaded up as fast as yours lol

  11. July 30, 2013 at 7:27 am

    I needed to thank you for this excellent read!! I definitely loved every bit of it.
    I have you book marked to check out new things you post…

  12. July 31, 2013 at 6:43 am

    Generally I do not read article on blogs, but I wish to say
    that this write-up very compelled me to check out and do so!
    Your writing style has been amazed me. Thank you,
    quite nice article.

  13. November 28, 2013 at 1:28 am

    They were formed into battalions, led by white officers
    canada goose ladies montebello parka http://www.roomkeypms.com/canadagoose//

  14. December 6, 2013 at 2:30 pm

    We are a group of volunteers and starting a new scheme in
    our community. Your web site offered us with valuable information
    to work on. You have done a formidable job and our whole community will be grateful
    to you.

  15. January 1, 2014 at 8:21 am

    Unquestionably consider that that you said. Your favorite reason appeared to be at the web the
    simplest thing to consider of. I say to you, I certainly get annoyed at
    the same time as folks think about worries that
    they plainly don’t recognise about. You controlled to hit the nail upon the top and defined out the entire thing without having side-effects ,
    folks can take a signal. Will probably be again
    to get more. Thanks

  16. January 29, 2014 at 7:57 am

    you’re truly a excellent webmaster. The site loading velocity is
    incredible. It sort of feels that you are doing any unique
    trick. Also, The contents are masterpiece. you’ve performed a excellent job in this
    topic!

  17. July 3, 2014 at 7:51 am

    Hmm it seems like your site ate my first comment (it was extremely long) so I guess I’ll just sum it up
    what I had written and say, I’m thoroughly enjoying your blog.
    I as well am an aspiring blog blogger but I’m still new to the whole thing.
    Do you have any tips and hints for novice blog writers?
    I’d definitely appreciate it.

  18. July 10, 2014 at 9:15 pm

    I like the valuable info you provide in your articles. I will bookmark your blog and check again here frequently.
    I am quite sure I’ll learn many new stuff right here!
    Best of luck for the next!

  19. July 16, 2014 at 3:41 pm

    Hurrah! In the end I got a blog from where I
    can in fact take useful data regarding my study and knowledge.

  20. August 17, 2014 at 2:47 am

    Nice post. I was checking constantly this blog and
    I’m impressed! Extremely helpful information specifically the
    last part :) I care for such information much. I was looking for this certain info for a long
    time. Thank you and good luck.

  21. August 20, 2014 at 10:16 pm

    What i do not understood is if truth be told how
    you are now not actually much more neatly-favored than you may
    be now. You are very intelligent. You realize thus considerably in the case of
    this matter, made me for my part believe it from numerous various angles.
    Its like men and women aren’t involved unless it’s something to accomplish with Lady gaga!
    Your own stuffs great. Always take care of it up!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: