Facebook Reveals Its Privacy Principles For The First Time

Ahead of European regulations, the company says it will soon launch a Privacy Center that will allow users to manage all their privacy controls.

Facebook Reveals Its Privacy Principles For The First Time
[Image: Facebook]

Facebook today for the first time published its privacy principles, a set of guidelines that it says governs how it handles users’ data, and the company attempts to be transparent about how users can control what they share and how their personal information is shared.


The company also says it is launching a new educational campaign meant to help users understand how to manage their data. And within a couple of months, it will unveil what it calls its Privacy Center, a one-stop shop for controlling their privacy settings that was built based in part on feedback from users, policy makers, and experts in privacy.

These moves–timed to Data Privacy Day–come amid a broader period of public and regulatory scrutiny of the influence Facebook has in our lives, and how it’s been leveraged by malicious organizations to attack democratic institutions and trust in fundamental institutions. In recent weeks, the company has made significant changes to its platform, including modifying the News Feed to prioritize posts from friends and family over those from brands or organizations, and to turn to users to try to establish the trustworthiness of news sources.

As for privacy, Facebook’s handling of the issue in years past has led to concerns about how it handles users’ information and protects their privacy. In several cases, regulators have forced the company to take steps to ensure it’s more careful, and in 2011, it agreed to outside audits of its privacy practices for 20 years.

All of that, of course, establishes the context for why Facebook wants to be seen as transparent and helpful when it comes to giving users as much control as possible over their privacy. And according to Facebook policy manager Emily Sharpe, the privacy principles it’s publishing today are “really longstanding principles that have informed our products and privacy practices, [and] we’ve abided by them for a long time.”

Added Sharpe, “Facebook has invested for many years in our privacy protections and controls for [users]. Data Privacy Day is a really nice occasion for us to reach out to people who use our services . . . to be transparent about how we use their data, [and] to make sure they are able to use our services in a way that’s clear and easy.”


In a draft blog post introducing the principles, Chief Privacy Officer Erin Egan wrote, “We recognize that people use Facebook to connect, but not everyone wants to share everything with everyone–including with us. It’s important that you have choices when it comes to how your data is used.”

Here are the principles:

  • We give you control of your privacy. Facebook says it wants to enable users to choose privacy settings that are right for them, and know how to find and adjust those controls.
  • We help people understand how their data is used. The company describes its practices in detail in its Data Policy, but it is also sharing educational tools in users’ News Feed and has things like ad controls on every ad.
  • We design privacy into our products from the outset. Facebook says it incorporates into its product development feedback on privacy design from experts in privacy law, security, engineering, data protection, public policy, product management, and interface design.
  • We work hard to keep your information secure. Facebook designed its security systems to run millions of times a second try to automatically catch and remove threats.
  • You own and can delete your information. Users can decide what they share and with whom, and can delete anything they’ve posted, which is then removed from the company’s servers.
  • Improvement is constant.
  • We are accountable. The company says it conducts comprehensive privacy reviews and puts its products through “rigorous data security testing.” It also says it seeks input on its data practices and policies from legislators, regulators, and privacy experts.

Privacy Center

Last week in Brussels, Facebook chief operating officer Sheryl Sandberg unveiled Facebook’s plans for the new Privacy Center, a single place where users can go to manage all core privacy settings. The announcement came ahead of the implementation of the General Data Protection Regulation in May, a massive overhaul of privacy regulations meant to give Europeans significantly more control over how companies use their data. Online services like Facebook are eager to be in compliance in order to avoid substantial fines.

Although Facebook isn’t saying exactly when it will be rolled out, Sharpe suggested it would be in the coming weeks–and it’s clear the company wants the privacy center to be in place in time for GDPR.

“Do we expect every single person on Facebook will go and read [this]? Probably not,” Sharpe says. “But some people appreciate education. It’s about coming up with new ways to get information to them that’s helpful to them.”


She added that new tools like Privacy Center are a direct response to feedback from users, regulators, and lawmakers that they want the company to be more transparent. That, in part, led to the publishing of the privacy principles.

Another initiative the company has been experimenting with is a global series of what it calls Design Jams. These are essentially hackathons meant to bring together academics, small businesses, designers, engineers, policymakers, and others to educate people about privacy, and in some cases, even help startups rethink their actual privacy systems.

These workshops are going to be rolled out internationally throughout 2018, and have taken place in Brazil and France so far, among other locations. It’s not clear when any will be held in the U.S.

No matter how many changes and updates Facebook makes to its privacy controls, and regardless of what new systems like Privacy Center it implements, the company will likely never satisfy everyone who worries that it is mishandling their data or doing everything it can to be a positive force in the lives of the people who use it daily. It has made commitments to prevent law enforcement and third parties from scraping users’ individual data, and how it keeps those commitments will inform the view that regulators and industry observers have of it in coming years.


For now, though, Facebook is talking a good game. “Privacy’s obviously a company-wide commitment,” Sharpe says. Sandberg “made this announcement in Brussels, and the commitment at Facebook goes to the very top, to Mark Zuckerberg and Sheryl Sandberg. It’s critical to us as a business.”

About the author

Daniel Terdiman is a San Francisco-based technology journalist with nearly 20 years of experience. A veteran of CNET and VentureBeat, Daniel has also written for Wired, The New York Times, Time, and many other publications