OPINION30 November 2011

What the Facebook FTC settlement means for market research

News Opinion

Privacy, control, consent. Three words that sum up the Federal Trade Commission’s demands of Facebook. Three words researchers can’t avoid.


Facebook’s privacy settlement with the Federal Trade Commission (FTC) should have big implications for social media market researchers. Admittedly much won’t change on the site itself – the substance of the FTC’s complaint relates to events that occured back in 2009 and Facebook CEO Mark Zuckerberg reckons that much of what the Commission demands has already been addressed. But the settlement does concentrate the mind on an issue that some researchers have dismissed too easily.

This summer saw a debate about the ethics of conducting research in social media, particularly the scraping and mining of publicly available consumer-generated information relating to products, brands and services. On one side were those who felt that it was still important – even if not always strictly required by industry codes – to gain the informed consent of the research participant when using their information. Against them were those who argued that public data is there for the taking.

Yet the legal and ethical basis for the latter point of view is looking increasingly shaky in the light of the Facebook settlement. Even more moderate voices, who put forward the idea that researchers could assume consent for the use of social media data based on a site’s privacy policy and terms of service, may need to think again.

“How do researchers respond knowing that errors of technology, ethics and judgement are commonplace? Can they – and more importantly, should they – trust the terms of service and privacy policies of social media sites?”

Not a case of caveat emptor
It was the FTC’s contention that Facebook users had been “deceived” by the company – that promises about privacy weren’t met. ‘Caveat emptor’ is a phrase commonly uttered by those who have no sympathy for social media users who don’t inform themselves about what they’re letting themselves in for when signing up to sites. But caveat emptor would only apply if the seller isn’t concealing anything or making misrepresentations about what they have to offer.

Facebook has not admitted violating the law in its settlement with the FTC. But Zuckerberg owns up in a blog post to making “a bunch of mistakes” over the years as the site has grown and it has tried new things, like the Beacon service, which shared people’s online buying habits with their friends, and the transition to a new privacy model that made public sharing a default setting.

But Facebook isn’t the only company making these sorts of mistakes. Klout, a service that scores the influence an individual has within their social network, recently took some flak for creating profiles of people without their permission. The company was relying on publicly available information, but it happens that some of the people it profiled were minors. “We messed up on this one and are deeply sorry,” said founder Joe Fernandez. “It is critical that we are model citizens… and do everything we can to respect the privacy of our users. That said, like Facebook, Google, and nearly every other company in this space, we are working hard to figure this out, but will not always get everything right.”

Mistakes can be forgiven, but they won’t be forgotten. The question is, how do researchers respond knowing that errors of technology and ethical judgement might be commonplace? Can they – and more importantly, should they – trust the promises a site makes to its users about its terms of service or privacy policy? Legal recourse for misuse of data might land on the website itself, but does that mean researchers are absolved of all ethical and moral responsibility to the people they are taking data from? And what about clients too? Forget the social media context and consider whether it would be acceptable to pass on data that had been sourced from a recruiter suspected of using dubious methods to recruit respondents.

The personal information economy
It is also worth considering where online privacy may go from here. Facebook has already given users significantly more control over how and where their information is shared in recent months, with control only likely to increase still further given the demands of the FTC and the commitment to 20 years of privacy audits. Meanwhile in Europe legislators are proposing a “right to be forgotten” and a tougher set of data protection controls which they want to make enforceable on all companies serving EU markets, regardless of where they are based.

A “right to be forgotten” might be a stretch too far in such a networked world where data is so widely distributed, but the argument that consumers should expect privacy by default seems to be winning. Last week New York senator Charles Schumer demanded that a company called Path Intelligence change its policy to only track consumers who had opted in to the company’s survey, which anonymously monitors consumer movements around retail outlets using signals given off by mobile phones. Frustrating as it may be to some businesses, it seems the promise of anonymity is no longer enough.

So as privacy, control and consent become universally accepted concepts governing the web, researchers and marketers will have to find ways to barter with consumers to gain access to the most valuable information they hold. Writing in the December issue of Research, The Future Laboratory’s James Kennedy says we’re already seeing the start of the ‘personal information economy’ with tools like Ghostery and Allow giving consumers the ability to manage, trade and track their information in ways that benefit them.

Perhaps it will be Facebook that really sets the wheels in motion. In the wake of the FTC settlement Zuckerberg has pledged to make Facebook “the leader in transparency and control around privacy”. He says: “We will serve you as best we can and work every day to provide you with the best tools for you to share with each other and the world.” Researchers included, hopefully.


13 years ago

This is all really great news, but there’s still pieces missing to this story...What about our privacy outside of Facebook? Something needs to be done about the fact that they can still track our activity outside of the social network. More on the tracking side of the story here: http://www.abine.com/wordpress/2011/facebook-ftc-settlement-you-still-cant-get-the-most-critical-privacy-setting-you-need/

Like Report

13 years ago

Privacy, control, consent. Three words that sum up the Federal Trade Commission’s demands of Facebook. Three words that will guide the development of the social network for the next two decades. Three words that researchers can’t avoid. "What are three words that Sean Bruich, Head of Measurement Research, Facebook, did NOT use during his presentation to ESOMAR in October".

Like Report

13 years ago

can we even trust information provided by web users?

Like Report