The report issued by the DP Commissioner’s office earlier this week, following their audit of privacy policies and practices in Facebook, was something of a damp squib.
Many clients with whom I have spoken over the past few weeks, particularly those who acquire and hold client data via their online ‘presence’, were eagerly awaiting the findings. Facebook has muscled its way to the top of this very new social media industry, and to a variation of the old saying, ‘when Facebook sneezes, everyone catches a cold’. The implications for all internet service providers would rest on the outcome of the Commissioner’s findings.
So what did we learn? For starters, we now know that the process is very much ‘under way and ongoing’, rather than finished. The engagement has been positive, constructive, and has already led to changes and modifications of their procedures by Facebook staff.
A further report is now expected in July 2012, by which time the Commissioner expects to see evidence that many of the 40-odd recommendations arising from this initial report have been actioned and resolved. They will, Facebook say, take advantage of the Audit to ‘strengthen (their) existing practices’.
Bear in mind that the dubious privilege of conducting this audit fell to the Irish Commissioner, because the data management decisions and strategies being developed at Facebook Ireland set the policy for the social media provider in nearly every country in the world, aside from the US and Canada. A ‘hospital pass’ from his fellow Commissioner in Austria, since that was where the original set of 22 complaints regarding Facebook’s privacy policies was raised.
So watch this space for more definitive guidelines on how on-line interaction and social media can be managed in a manner that protects privacy while evolving as a leading-edge, new technology.
The Facebook story pitches up a classical dilemma for the techno-entrepreneur – how to design, develop and deploy new functionality while remaining in compliance of legislation that was drafted 15 or 20 years previously. The most recent instalment of DP legislation, at European level, was in 1995, when ‘clouds’ were grey and threatening or white and fluffy, and when a ‘hard drive’ was the Friday evening rush-hour commute through Monasterevin. An ‘external hard drive’ was to complete the same journey, on the back of a motorbike, in the rain (OK, I should acknowledge the influence of the good people at the Laughter Lounge here).
I believe that this story is less about Facebook being asked to comply with existing DP legislation. I am reminded almost daily that the real issue here is not about intrusion on our privacy – it is about the gradual but steady reduction of our expectation of privacy. New applications, default settings and time-efficient, convenient processes are geared towards the erosion, bit by bit, of our resistance to our data being visible and accessible to others.
Our new ‘smart’ phone is set to assume that we want to share our GPS location with others in our contacts list; our e-mail provider provides us with pre-set facilities to contact those with whom we are regularly in touch; our social networks assume that the friends of our friends are our friends too, and share our information accordingly. And many of those applications are built to assume that, if we express an interest in ( or ‘like’) a product, a service or an opinion, that this preference should be passed on to the manufacturers or service providers, so that they can contact us directly and tell us, and sell us, more.
This will be a slow but persistent process – a cultural mind-set will not change overnight. But I recognise that erosion in the conversations I have with my own children and their friends – the easy access to social and personal information about friends and ‘frenemies’ is a given, no longer a novelty.
In my view, the challenge for the DP Commissioner, in working with Facebook and others in this industry, will not be to rein them in and impose compliant structures. It will be to challenge the assumptions and executive mind-set which is defining the (almost) global policy of these organisations. I am neither hopeful nor optimistic about the outcome, but we at the ICS will continue to fight the good fight!
Have a peaceful and restful Christmas, use the .bcc field for your Christmas greetings, and challenge every and all attempts to collect your personal data. And check our web-site (www.ics.ie) for information on our upcoming course and DP events.