You are on page 1of 2

June

16, 2010

Facebook Response to Privacy Groups Open Letter

Facebook won widespread praise from users around the world and the privacy community last
month for introducing simpler and more powerful controls for sharing personal information.
We plan to continue to make control easy and effective for all the people who use our service
and will continue to engage these groups and others in a constructive dialogue about these
important issues.

Point-By-Point Responses:

1) Fix the app gap by empowering users to decide exactly which applications can access their
personal information.

We have heard these concerns and announced our intention to build a new data permission
model last summer. Details were announced in April and the product is scheduled to launch to
all developers in the coming weeks. Also, as part of the recent changes, we added a simple way
for people to completely turn off Platform applications and websites, so that none of their
information is ever shared with applications, even information otherwise available to everyone.

2) Make instant personalization opt-in by default.

The instant personalization pilot program has been widely misunderstood. The only
information the three partners currently in the program receive from Facebook is users public
information. This means that our partners cannot access anything other than the same
information that anyone could access simply by going to a Facebook users profile. In addition,
we've made it easier for people to turn off the instant personalization pilot program, which
prevents those, and any future, applications in the program from accessing their information.
We have also imposed restrictions on how partners can use the information they receive from
Facebook. That information cannot be sold or shared with others or used in any way other than
to improve the experience of Facebook users visiting their site.

3) Do not retain data about specific visitors to third party sites that incorporate social plugins
or the like button unless the site visitor chooses to interact with those tools.

Social plugins are widgets, and they work the same basic way all widgets across the Internet do.
The URL of the webpage the user is viewing must be sent to Facebook for Facebook to know
where to render the socially relevant content. However, different from many other services,
we only store this information temporarily (for no more than 90 days) solely for the purpose of

1601 South California Avenue, Palo Alto, California 94304


650.543.4800 tel 650.543.4801 - fax
improving and protecting the service. We do not use it for ad targeting, nor do we sell it to
third parties.

4) Provide users with control over every piece of information they can share via Facebook,
including their name, gender, profile picture, and networks.

As part of the changes we announced last month, Facebook reduced the amount of user
information that must be available to everyone. This information is now limited to name,
profile picture (should a user choose to have one), gender (though this can be hidden on the
profile), and networks (should the user join any). We also responded to concerns by allowing
users to restrict visibility of their friend lists and pages they "like." Just like with other fields of
data, users can decide to share this content with friends, friends of friends or everyone. It has
been our experience that people have a more meaningful experience on Facebook when they
share some information about themselves. That way, they can find friends and friends can find
them, which is the reason most people come to Facebook.

5) Protect Facebook users from other threats by using an HTTPS connection for all interactions
by default.

We are currently testing SSL access to Facebook and hope to provide it as an option in the
coming months.

6) Provide users with simple tools for exporting their uploaded content and the details of their
social network so that users who are no longer comfortable with Facebooks policies and want
to leave for another social network service do not have to choose between safeguarding their
privacy and staying connected to their friends.

Users rely on us to protect their data and enforce the privacy decisions they make on Facebook.
We take this trust seriously and work aggressively to protect it. Facebook imposes no
restrictions on users that prevent them from exporting the content that they have posted
themselves on Facebook. We have open APIs that permit applications to export this
information. However, we dont allow exporting of content that is created by others because it
doesnt respect the decisions users make on Facebook about how to share their data. Frankly,
were surprised that these groups would advocate for a tool that would enable one person to
strip all of the privacy protections for any information that has been shared with them. We
created Facebook Platform to permit the sharing of user information in a controlled manner
that does respect the decisions people have made, and we continue to build tools for
developers to make Facebook more open.

For additional information contact press@facebook.com

1601 South California Avenue, Palo Alto, California 94304


650.543.4800 tel 650.543.4801 - fax

You might also like