A recent blog posting by Louise Story of the NY Times demonstrates why we at CDT have had trouble writing about Facebook’s latest privacy dust-up, best explained by the examples of Facebook users who unwittingly had their Christmas purchases exposed to their entire gift list.

When CDT originally discussed the Facebook “beacon” with the company, we were told that notice and consent would be clear. However, we believed from the beginning that this would be a difficult task for Facebook and the implementation would be key to getting it right. This week has been a slog in that direction as the company posted and re-posted subsequent versions of notification and consent boxes. It is clear that Facebook is moving in the right direction, but only the Facebook community is going to be able to decide whether they’ve gotten it right, and whether Santa’s secrets remain at the North Pole.

This privacy mess is an example of how hard it is to get notice and consent right. Facebook had a strong incentive to make it work from the beginning, but they have already clearly failed several times. Trust is the currency of social networking; ill-spent, that currency is hard to regain. That’s why testing for privacy concerns, and working with the community before pushing out possibly intrusive new features, is imperative. Such practices help build a community of trust; get it wrong and the user base becomes spooked, always waiting for the “next wrong thing” to be revealed.

And there is a deeper lesson here: the conventional wisdom that social network users don’t care about their privacy is just wrong. While they may post personal information about themselves on the Web, they still want to control their own information. When decisions are made on their behalf, they will rebel.

This entry was posted on Friday, November 30th, 2007 at 5:39 pm and is filed under CDT, Consumer Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.