Fine Print Friday is a weekly column where I examine and analyze Contracts that affect many of us in our daily lives. These are typically contracts we are bound to sign if we want a product or service, and we have no choice in the contract’s terms. Each Fine Print Friday post will point out a few interesting provisions the average reader may not have noticed.
**Please Note: Fine Print Friday is not legal advice. If you need legal advice about a contract you have signed that happens to appear in Fine Print Friday, please consult an attorney. If you live in Minnesota, please contact me and I will be happy to discuss your situation.**
This Week’s Fine Print Friday Contract: Facebook’s Service and Privacy Agreements
Facebook has become one of the world’s largest social media sites, with around 400 million members chatting away, sharing pictures, videos, status updates, personal messages, invitations, gaming, and all other manner of activity. As Facebook has increased its size and influence, and altered its interface, it has been under increasing scrutiny regarding users’ rights and responsibilities, most notably with regard to their privacy.
In light of these growing concerns, I am dedicating this week’s Fine Print Friday to pointing out some of the important provisions in Facebook’s Statement of Rights and Responsibilities (SRR), and Facebook’s Privacy Policy (PP), both of which members automatically agree to by using Facebook. (The parenthetical abbreviations are for the purposes of helping you find the sources in these documents for what I have pulled out of them below.)
Please note that there is far too much information in these documents to examine everything, so I will do my best to highlight what I think are the most interesting or important portions of these agreements. I hope you find this as informative as I did.
1. Content Ownership: You own all the content and information you put on (or send through) Facebook, with a number of exceptions. Here is one: Facebook can use anything covered by intellectual property laws, including photos and videos among other things, royalty-free and worldwide, and can transfer that right of use to anyone else it wants. This right ends if you delete that content, and is likely just for the purposes of marketing and advertising, but if you put your thoughts, pictures, or business models on Facebook, they can use it. (SRR 2.1) You may, however, limit the content that is used for Facebook’s advertising via your privacy settings. (SRR 10.1)
2. Applications: Any application (Mafia Wars or Farmville, for instance) you use on Facebook that requests access to your profile is not bound by the same terms as Facebook sets out for itself, but by using the application, you accept their terms automatically. (Facebook says that they try to ensure adherence to their rules, but cannot monitor every application.) Applications are allowed to access all of your information (unless you have intentionally restricted some of it via Facebook’s privacy settings), as well as the information of all of your Facebook friends. Applications can also use or publish that information, or generate stories based on it without limitation. (SRR 2.3; Facebook Platform)
3. Predators: Convicted sex offenders are not allowed to use Facebook. (SRR 4.4)
4. Data Collection 1: Facebook can analyze data collected by applications for any purpose. Since applications are not bound by the same terms as Facebook in terms of data collection , presumably Facebook can access any data that you may exempt them from via their privacy settings but have not exempted the application from collecting. I have not heard anything about this practice occurring, but according to the agreement, this is a theoretical end-run around Facebook’s own privacy policy. (SRR 9.17) To restrict the information available to applications, you need to adjust your application settings, not just your privacy settings.
5. Publicly Available Information: Your name, profile photo, list of friends and pages you are a friend of, gender, geographic region, and networks you belong to are considered publicly available information and are not able to be limited via your normal privacy settings. You can restrict the ability of people to find these things via search by going specifically to your search privacy settings, but these will not be addressed through the changes you make in your general profile information privacy settings. (PP, third bullet)
6. Transaction Information: Facebook can retain the details of transactions or payments made through Facebook. They only keep the account number with your consent. (PP 2, Transactional Information)
7. Data Collection 2: When you interact with Facebook, they collect information on: (a) all the actions you take on Facebook (e.g., friending, liking, commenting, uploading, etc.); and (b) all the pages you visit, the device from which you are accessing Facebook, your browser, your location, and your IP address. They also utilize cookies for the purposes of logging in, interaction with applications, interaction with widgets and Share buttons, and advertisements.
8. Deleted Content: Content that is deleted (or an entire account that is deleted) may still be accessible or viewable if it was shared with others or “otherwise distributed pursuant to your privacy settings.” I have no idea what that quoted phrase entails, nor does the PP attempt to describe it. (PP 3, Sharing information on Facebook, fourth bullet)
9. Data Collection 3: “[B]y default, every application and website, including those you have not connected with, can access ‘everyone’ and other publicly available content.” And since almost all your information defaults to the “Everyone” setting, you are sharing just about everything on Facebook with anyone who wants to see it. (PP 3, Facebook Platform, third bullet)
10. Viewable Information: Advertisers can access and see information you have marked as invisible to other users, “such as your birth year or other sensitive personal information or preferences.” Personally identifiable information may be shared for social ads, which are not defined. The example Facebook gives for a social ad is: “we may display your name and profile photo next to an advertisement for that Page that is displayed to your friends. We only share the personally identifiable information visible in the social ad with the friend who can see the ad.” But no further examples of social ads or circumstances in which they will show personally identifiable information are given. (PP 4)
11. Information Sharing: Facebook may share any of your information in any number of ways. About half the reasons are for the purposes of inviting other people to be your friends; most of the rest of the circumstances involve service or advertising partners. All transfers of information you have not initiated in this section are designated as being either aggregate or non-personally identifying, and are simply for the purposes of identifying their target markets. (PP 5)
Some Speculations:
Although it’s not specifically addressed in the agreements I examined for this post, it struck me that Facebook has the ability to alter these agreements unilaterally at any point (the SRR I used for this post was last revised on December 21, 2009). And although that’s not unusual for contracts of this sort, at least with credit card agreements, for example, a notice is sent out when the terms change. With Facebook, they assume that you agree with all the new terms as soon as you sign on and use Facebook again after they have changed those terms, even though no notice was ever given to you through either email or a notice to your Facebook profile. Facebook’s answer to this is to suggest that you become a Fan of the Facebook Site Governance Page, although given that I wasn’t even aware that existed before reading through the whole agreement, it’s not likely that there are many people getting notice of these amendments. Personally, I think this is a dicey method of amending their agreements, because members aren’t even receiving notice of the amendments. At least with credit card agreements, they let you know about the effective date of the amendment before your failure to opt out determines that you accept the amendments.
Enough editorializing by me, though. This marks the end of another Fine Print Friday. I hope that it was informative and helpful, and that even if you don’t change any of your privacy settings, you at least have a better sense of what you are sharing, and with whom.
If you have concerns about the privacy of any of your information, you can contact the proper Facebook department here. You may also send snail mail to them at: 1601 S. California Avenue, Palo Alto, CA 94304. If you do not get a satisfactory response from Facebook, you may contact TrustE, of which Facebook is a certified licensee.
Thanks for reading. As always, if you have requests or suggestions for other topics for Fine Print Friday, please leave them in the comments below.
About Graham Martin
Graham Martin is a solo practitioner focusing on Contract law (including drafting, review, and litigation). He operates Martin Legal Services, LLC in the Minneapolis-St. Paul area.
