Is Facebook really using its new terms of service to own your data?

Facebook introduced a new terms of service agreement earlier this month for its 175 million users. But the changes went mostly unnoticed until the Consumerist blog published an article on Sunday saying the new terms allow the social network to “do anything we want with your content, forever.”

As is usually the case with such sensational headlines, the reality of the situation is far more complex. So here’s a quick look at what the issues were, and whether or not you should be concerned.

For starters, Facebook’s terms of service are relatively similar to Google’s — and to those of many other web services — as an actual lawyer (not just an armchair blogger) pointed out yesterday. But the revised terms do go a bit further than those offered by some other major web properties in that they seemingly give Facebook rights to data you upload from other sites (like your photos, including from other photo sites like Flickr?) as well as rights to data contained on sites that let you share information back to Facebook.

What can Facebook retain? The following part of the revised terms suggest you actually are giving the company rights to a wide range of your content:

You are solely responsible for the User Content that you Post on or through the Facebook Service. You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You represent and warrant that you have all rights and permissions to grant the foregoing licenses.

A Facebook spokesperson has responded to the charges by saying that everything you share is subject to the privacy settings that you manually set within the site (as the clause above seems to indicate). Facebook automatically comes with settings that enable only people in your “network” (your college, your workplace, your geographic area) and your friends to see your full profile. People who find your profile through search results or through friends-of-friends will see a limited version. You can change this so that only your friends can see your full profile, for example. So that apparently precludes Facebook from using data you upload in a way that you don’t specify in your settings (it wouldn’t be able to use the private photo album of your party for ads promoting itself, for example). But the terms do allow the company to retain information like posts you make on your friends’ walls. Here’s more, per a statement issued by the company:

[I]f you send a message to another user (or post to their wall, etc…), that content might not be removed by Facebook if you delete your account (but can be deleted by your friend). Furthermore, it is important to note that this license is made subject to the user’s privacy settings. So any limitations that a user puts on display of the relevant content (e.g. To specific friends) are respected by Facebook. Also, the license only allows us to use the info “in connection with the Facebook Service or the promotion thereof.” Users generally expect and understand this behavior as it has been a common practice for web services since the advent of webmail. For example, if you send a message to a friend on a webmail service, that service will not delete that message from your friend’s inbox if you delete your account.

Facebook founder and chief executive Mark Zuckerberg also offered the following clarification in a post yesterday afternoon. “A lot of the language in our terms is overly formal and protective of the rights we need to provide this service to you,” he said. What the terms are really trying to address is the challenge of both maintaining user privacy and allowing third party applications as well as other web sites to access user data through Facebook’s developer tools. From his post:

People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.

Perhaps there are lines in the new terms that lawyers can somehow take issue with, and possibly take Facebook to court for? For the time being, though, this appears to be an issue that’s been blown out of proportion. If you use Facebook, just make sure you have your own privacy settings set how you want them — as the term “privacy settings” implies.

Given the increasing propensity of the average person to share private, highly personal information on semi-public sites like Facebook, this is a ripe area for more sensational headlines to be written (as was demonstrated by many a shrill post this weekend). The next time Facebook makes significant revisions to its terms, hopefully the company will explain the specifics in plain English.


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.

Trackbacks

  1. [...] the terms, which are not much different from the terms used by other services. Eric Eldon gives us a tight overview of this perspective. On TechDirt, Mike Masnick notes that people don’t read policies written in legalese, but [...]