What we can learn about privacy from Facebook

Social networking site Facebook is rarely considered to be at the forefront of fighting for user privacy, but that's exactly what Mozelle Thompson wants to tell the world.

Thompson, a former U.S. Federal Trade Commissioner, oversaw such mergers as AOL/Time Warner and HP/Compaq, and is now an advisor to Facebook on privacy issues.

On a recent trip to Australia to speak at the Australian Privacy Conference, Thompson said organisations would be wise to study Facebook to learn about user expectations around privacy.

Facebook, which profits from serving advertisements to user pages based on the data they feed into the system, has a history of riling privacy experts.

And Thompson doesn't deny that Facebook has made its mistakes.

The company's aborted Beacon initiative, which imported user activity from third party sites into the Facebook feed without direct user control, "could have been handled differently, especially in terms of disclosure.

"Facebook has learned from that experience," he said. "Look, Facebook is at the cutting edge of technology - so it gets a lot of attention. And maybe its a good thing Facebook generates attention to privacy issues."

But Facebook is rarely given appropriate credit for "responding to issues" and improving the service accordingly, he said.

Thompson lauded Facebook for "doing a great job of including people in the decision making processes."

He said Facebook would never have beaten a competitor five times its size (in New Corp's MySpace) without providing user control.

"The users' influence on Facebook's terms of service is very unusual and groundbreaking," he said. "The hallmark of Facebook is the democratisation - people feel like they have invested themselves in it. It is very powerful for them - it is a tool to manage their relationships with the people they know. And they might even use it to challenge their government in Iran or challenge terrorists in Columbia. People who use the site are attached to it because it is an extension of their lives.

"The question is: where is everybody else on this? Facebook has set the standard."

Lessons for corporate IT departments

Thompson said that the Web 2.0 world has changed the dynamics of communications forever.

"We have changed from a top-down model to a distributed one," he said. "You can't just blast out a message and expect people to act on the message. It's now a distributed model - the most effective messages are people making recommendations to other people."

Users desire tools to manage their lives, he said, but are beginning to understand that there is a trade off they have to make between "sharing information" and "controlling where it goes."

"Users will gravitate to sites that offer them control of those tools," he said. "And so the lesson is - the companies that put privacy at the centre of what they do will do better in this always-connected world.

"More than ever, information is an important asset to companies. But they need to understand when collecting and using information that it belongs to people."

Key challenges ahead

Thompson said he was encouraged to hear US President Barack Obama warning school students on what they put on their social networking profiles.

"The question is, how do we teach people about how to look for privacy controls and how to use them? How can we provide them the ability to exercise their judgement - to know that just because a picture of you that looks good at 16, it doesn't mean it will look great at 26?"

But Thompson warned that "there is no Government or company that can protect the 150 million users that log in to Facebook every day from every faux pas they might make on the web."

To some degree, it has to come down to users taking some responsibility, he said.

"People are now their own PR agencies. People are starting to recognise, at a young age, they will be on the internet even if they kept their mouth shut. So they have to take charge. If there will be something on the internet about them, they would prefer to control it."

Thompson said he believed Facebook is trusted by users on privacy issues, despite a litany of "myths" - for example, that user data on the network can never be deleted.

He said Facebook would prefer not to have to bear the expense of storing such data.

"Facebook had 100 million users 18 months ago, last week it was 300 million, and it is adding one million more users a day," he said. "The evidence speaks for itself."