This is a preview of how your content will look on export. To export the complete content in DOC format, click the blue export button in the upper right corner of this page.
False Privacy Protection Claims
by Christian Nossokoff. Online privacy has been a topic of great concern since the turn of the century.  Almost every website has a privacy policy that some users may or may not know they agree to. We often click “I Accept” without knowing what we accept to, but the alternative is reading through what seems like and endless box of text, filled with formal terms and jargon. So with that said, wouldn't it be easy for companies to put things in their privacy policy that you might not be okay with because they can count on you not reading it? I take a look at the case of the FTC versus Facebook in 2011 regarding the use of third party applications. Facebook users were not made aware of the fact that Facebook could disclose their information to third party applications. Various studies about social media and privacy policies are also analyzed to show what privacy and privacy policies mean to users. 
  • 1 Complaint FTC v. Facebook 2011

  • 2 Annotation of FTC Complaint v. Facebook 2011

    Annotation by Christian Nossokoff

    The FTC filed this complaint on the grounds that the Respondent, Facebook, was in violation of the Federal Trade Commission Act, specifically regarding commerce.

     

    Commerce is defined in Section 4 of the FTC Act:

    “'Commerce' means commerce among the several States or with foreign nations, or in any Territory of the United States or in the District of Columbia, or between any such Territory and another, or between any such Territory and any State or foreign nation, or between the District of Columbia and any State or Territory or foreign nation.”

     

    The required information to register with Facebook includes: name, gender, email address, and date of birth.

    Optional information that can be included at the time of registration includes: profile picture, hometown, sexual orientation, relationship status with romantic partners and family members who are also users of the site (boyfriend, girlfriend, fiance, husband, wife, brother, sister, mother, father, etc...) political views, religious beliefs, likes and interests (activities, movies, books, music etc...)  and education and employment.

    Information on user activity on the site over time includes: friends list of other Facebook users, “liked” pages of brands, organizations, interests groups, celebrities or any other entity, pictures and videos that both the user has uploaded and that other users have uploaded and “tagged” them in, and posts and comments made by the user on other users’ profiles and content.

     All of this profile information is stored by Facebook controlled computer network.

     Differing Platform Applications are available for use through Facebook. Users can approve Applications themselves, allowing the Application access to their profile information. But even if a user has not authorized an Application, the Application may still have access to some profile information because a user’s friend has authorized said Application.

     

    Citation:

    FEDERAL TRADE COMMISSION v. FACEBOOK INC., Complaint, Ftc.gov. Federal Trade Commission. Web. 30 Mar. 2016.

  • 3 Decision and Order FTC v. Facebook 2011

  • 4 Annotation of Decision and Order FTC v. Facebook 2011

    Annotation by Christian Nossokoff

     

    This decision and order by the FTC lays out what Facebook is required to do.

    Facebook must let consumers know exactly what information is being collected and what inforamtion will be disclosed. Instructions on how to control privacy options must be provided. 

    The extent of which users' information can be used by third parties must be disclosed and the consent of the user must be collected.

     If an account is deleted, within 30 days the information that a user has deleted, must be inaccesible.

    A dedicated employee and/or department is to be implemented at Facebook specifically regarding privacy policy. Privacy risk assessment must be included in employee training and on product design, development and research.

     And most importantly, any changes to the privacy policy must be explicitly expressed to the user as soon as they go into effect.

     

    Citation: 

    FEDERAL TRADE COMMISSION v. FACEBOOK INC., Decision and Order, Ftc.gov. Federal Trade Commission. Web. 30 Mar. 2016.

  • 5 Bloomberg Law Interview on FTC v. Facebook with CIPP Professional

    Bloomberg Law Interview on FTC v. Facebook with CIPP Professional

  • 6 Study: Evaluation of Online Privacy Notices

    Study conducted by Georgia Institute of Technology looking at the viability and practice of privacy policies, with a total of 64 analyzed.

  • 7 Annotation of Evaluation of Online Privacy Notices

    Annotation by Christian Nossokoff

    This study was conducted by Carlos Jensen and Colin Potts of Georgia Institute of Technology and the paper presented at the Conference on Human Factors in Computing Systems (CHI2004) in Vienna, Australia. 

    It looks at the viability and practice of privacy policies, with a total of 64 analyzed.

     It is described that 70% of respondants to a 2001 survey worry about their online privacy, and that 69% in another study said they take their own preventative action against online privacy invasions.

     Privacy policies are unavoidable. They are implemented by the vast majority of websites. They're supposed to inform consumers and aid them in decision making. But it is challenging to put forth all of the necessary information without overwhelming users.

     With so many different policies and no real standards or regulations on what needs to be in them, it is difficult for users to determine what the privacy policy is worth to them.

     Two sets of websites were studied. The first set was made up of 47 of the 50 comScore Media Metrix Top 50 U.S. Internet Property Rankings. They were high-traffic sites, so the results would be practical for users because they frequently experience policies like these. The second set studied were health-care websites in order to examine the effect over time regulations have had on policy after HIPPA went into effect over July 2001-September 2003.

     Policies were analyzed based on 4 criteria:

     

              1. Accessibility

              2. Readability

              3. Content

              4. Notification

     

    The study determined that even if entities comply and follow all rules and regulations, privacy policies are unusable to consumers unless they check the policy in-depth, every time they visit the site. 

     The privacy policies were not easily accessible in many cases.

     In a study done in a university setting, out of the 55,158 people who visited a set-up, standalone website, only 131 viewed the privacy policy.

     

     

    Citation: 

    Jensen, C., & Potts, C. (2004). Privacy policies as decision-making tools. Proceedings of the 2004 Conference on Human Factors in Computing Systems - CHI '04. doi:10.1145/985692.985752

  • 8 Study: Information Revelation & Privacy in Online Social Networks

    Study conducted in 2005 at Carnegie Mellon University. This study is relevant to the FTC v Facebook 2011 case because it shows how users already willingly provided an alarming amount of personal, and even sensitive, information.

  • 9 Annotation of Information Revelation & Privacy in Online Social Networks

    This study was conducted in 2005 at Carnegie Mellon University by Ralph Gross and Alessandro Acquisti in Pittsburgh, Pennsylvania. 

    This study is relevant to the FTC v Facebook 2011 case because it shows how users already willingly provided an alarming amount of personal, and even sensitive, information.

    The entire Facebook population at CMU (4,540 profiles) was included in this study.

    It is important to note that the popularity and size of social networks have increased dramatically since the study was conducted.

    The point of the study was to evaluate college student’s online behavior on social networking sites, including how much information they made available on their profiles and how they use sites’ privacy settings.

    Results show possible dangers and breaches of privacy, and that only a small percentage users modify settings to protect their privacy.

    39.9% of users provided their phone number on their profiles. 50.8% provided their current residence. 87.8% provided their date of birth.

    89 out of a sample of 100 profiles used the real, full name of the user.

    A Facebook user’s affiliation with another user is divided into 4 different categories: friends, friends of friends, non-friend users at the same institution, and non-friend users at a different institution.

    The population of Facebook users we have studied is, by large, quite oblivious, unconcerned, or just pragmatic about their personal privacy” (Gross and Acquisti 8).

    Although privacy settings are able to be modified, they rarely are. An overwhelming majority of users keep what the study calls the default permeable privacy settings.

    The personal information users are revealing even on sites with access control and managed search capabilities effectively becomes public data” (Gross and Acquisti 9).

     

    Citation:

    Gross, R., Acquisti, A., & Heinz, H. J. (2005). Information revelation and privacy in online social networks. Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society - WPES '05. doi:10.1145/1102199.1102214

You've reached the bottom of your content preview.
To view the rest in your browser, click here.
To export the complete content in DOC format, click the blue export button in the upper right corner of this page.

(Note: If you view the entire playlist, any changes you've made to export settings will be lost. Large playlists may temporarily freeze your browser while loading, as well.)