A Wake-Up Call for Users in Facebook-Beacon Controversy

In the wake of Facebook’s disastrous Beacon advertising program, privacy experts wonder if the company’s overzealous use of customer information will force corporate IT departments to analyze how their corporate data intersects with the social networking trend.

More on CIO.com

Facebook Admits Beacon Tracks Logged-Off Users

Privacy Concerns Prompt U-Turn at Facebook

Give Facebook CEO a Break

Google Gets Earful on Gmail Plan

On Dec. 5, Facebook CEO Mark Zuckerberg apologized in his blog for the Beacon program, which tracked the purchases of Facebook users on third-party websites such as Overstock.com and Fandango.com. The information about those purchases was then pushed to friends of that user on their respective Facebook homepages. As an example, if one person booked a movie ticket on Fandango, his or her friends might get a notification that showed his purchase.

The program was criticized by progressive advocacy group Moveon.org, which quickly garnered nearly 70,000 signatures in opposition to the Beacon service for not having an adequate opt-out function. Zuckerberg announced in his apology that an opt-out is now possible.

By all measures, users pushed back more than Facebook anticipated. Though people commonly believe the young demographic that has evangelized social networks like Facebook and MySpace would subscribe to a no-holds-barred sharing policy, in reality it wants to share information on its own terms, says Larry Ponemon, founder of the Ponemon Institute, a privacy and business ethics think tank. “They view social networks as a private organization,” he says. “It’s groups or people you know who you choose to share information with.”

Paul Stephens, a director of policy and advocacy with the Privacy Rights Clearinghouse, says the Facebook-Beacon incident serves as a stark reminder that users of websites that host their information should be aware that companies like Facebook use a lot of the data for business purposes. That’s especially true in the consumer space, he says, where social networking sites rely on advertising for revenue. Stephens says the incident could serve as a wake-up call.

“There is a lot that goes on behind the scenes, so in a way, perverse as it sounds, this is a good thing because people might examine their actions online and be aware of the abuses that can occur,” he says.

Many incidents over the past few years mirror the current advertising controversy at Facebook. When Gmail came out, users decried Google’s trolling of their e-mail boxes for keywords to deliver them targeted ads. Not long after the service launched, however, the Internet company addressed the problem with an opt-out feature whereby users click “yes” or “no” when they set up their accounts.

Over time, Ponemon notes, that increased transparency helped the users get over the trolling issue because they know their free access to Google’s software needs to be subsidized in some way. “People accept it because Gmail is fun and free and helpful in their daily lives.”

Stephens says the concerns consumers expressed over Facebook’s advertising program should extend to businesses as well. In recent years, companies have increasingly adopted hosted software-as-a-service offerings. Even the hosted vendors with strong policies have little control over getting subpoenaed for information from the government or even for civil cases, he says.

“If you were served with a subpoena, if the information is saved on your computer, at least you have the power to get legal counsel and try to protect it,” he says. “If it’s contained on someone else’s server, the odds are that company won’t incur legal expenses to protect it.”

Ponemon notes that the innovation will continue to happen in the consumer space and there will be more hiccups like the Facebook Beacon ads. In the end, however, he says it won’t shake users’ gravitation toward storing their information on the Web and hosted services.

“They assume the risk because the benefits of the Internet are just so great,” he says.