Facebook Privacy:

What Privacy?
Executive Summary

Facebook is one of the world’s largest tech companies and has become the preeminent
leader amongst social networking sites. Originally created as a means for college students to
connect online, it has become much more than that, allowing users to not only connect with
friends, family and colleagues but to provide a platform where anyone can contribute opinions,
promote new ideas and share information with billions of people around the world. Through its
ability to collect, interpret and share user data with marketers, Facebook has also created a whole
new way for companies to advertise an array of products and services targeted precisely at their
intended audience.

This case study examines the collection and use of Facebook user information as it
pertains to individual privacy. By analyzing the ethical dilemma the company faces when it
comes to an individual’s right to privacy, it becomes obvious that unintended consequences can
arise as the result of the unclear regulations surrounding data collection. While Facebook’s
privacy policies may seem weak, the organization itself should not have to shoulder all the
blame, instead individual user behavior and technological advances also play a part. Because the
current business model is essentially linked directly to privacy, by selling user data to generate
revenue through advertising, it is safe to assume that a shift in the regulatory environment
towards stricter rules and regulations may have a direct impact on their bottom line.

Facebook will need to reexamine their current business model if they want to remain a
successful and profitable business in the future. If they are unable to keep generating revenue
through advertising, they essentially have no other means of creating income. They will need to
either come up with new ways to make money, or hope that laws don’t become stricter or that
individuals will be willing to give up privacy for convenience.

1
Table of Contents
Facebook Privacy: What Privacy?

Ethical dilemma Facebook faces and the analysis

Facebook, the largest and most popular online social network, has become a significant
part of daily life for over 2 billion people around the world (Facebook Inc., 2017). To most,
Facebook is just a “free” social networking service provider that allows you to create profiles,
and keep in touch with friends. Little do people realize, each time you click to a new site or like
something, Facebook gathers detailed information about your interests, opinions, and
associations. Through the use of third party services, and big-data mining programs, shared
information is aggregated to build a profile about each user. In theory, this seems like a great
way to make what you see more relevant, but the problem with all of this customization is the
detailed profile Facebook has of you and your habits, without legal obligation to keep it private.
This often leads to unintended consequences, such as threats to privacy and changes in the
relationship between public and private domain. Whom has access to one’s personal information,
how it is being used, and the unethical profiling strategies violate an individual right to privacy.
Specific privacy concerns of online social networking include inadvertent disclosure of personal
information, damaged reputation due to rumors and gossip, unwanted contact and harassment or
stalking, surveillance-like structures due to backtracking functions, use of personal data by
third-parties, and identity theft (Boyd & Ellison, 2008). This right of privacy is further
threatened by lack of clear guidelines and absence of oversight regarding when, why, and how
government agencies, businesses, and people gain access to personal information that is
collected, retained, used, or shared.The trail of data a person leaves behind about themselves
while using the internet, such as; websites you visit,the information you submit to online
services, or the things you post to facebook is being misused for financial, political, or personal
gain. Currently, there is no single federal standard for data protection that enforces fair
information practices. Fair information practices regulate and enforce consumer privacy rights
regarding data collection, retention, use, and sharing of personal information. The federal
approach does not focus on the protection of personal information, but on the purpose of the
information collection.

We will use The Code of Fair Information Practices to analyze the ethical standards of today,
and explore how these principles are no longer protecting the privacy and security of people in a
rapidly evolving global technology environment. Fair Information Practices are a set of
principles and practices that describe how an information-based society may approach
information handling, storage, and management of information. In 1972, the Department of
Health, Education, and Welfare set out to create principles to be used in the evaluation and
consideration of systems, processes, or programs that impact individual privacy. The Code of fair
information practices became the framework and Privacy Act of 1974, a comprehensive regime
limiting the collection, use, and dissemination of personal information held by government
agencies. The Privacy act also established penalties for improper disclosure of personal
information and gave individuals the right to gain access to their personal information held by
Federal agencies. Due to the rapid advancements in technology and the impact of digitalization
on data flows, many of these principles are outdated, and vaguely protect individuals’
information appropriately.

The Eight Fair Information Practices (From the OECD Guidelines on the Protection of Privacy)
1. Collection Limitation Principle. There should be limits to the collection of personal data and
any such data should be obtained by lawful and fair means and, where appropriate, with the
knowledge or consent of the data subject.

2. Data Quality Principle. Personal data should be relevant to the purposes for which they are to
be used, and, to the extent necessary for those purposes, should be accurate, complete and kept
up-to-date.

3. Purpose Specification Principle. The purposes for which personal data are collected should
be specified not later than at the time of data collection and the subsequent use limited to the
fulfillment of those purposes or such others as are not incompatible with those purposes and as
are specified on each occasion of change of purpose.
4. Use Limitation Principle. Personal data should not be disclosed, made available or otherwise
used for purposes other than those specified in accordance with Paragraph 9

except: a) with the consent of the data subject;

or b) by the authority of law.

5. Security Safeguards Principle. Personal data should be protected by reasonable security

safeguards against such risks as loss or unauthorized access, destruction, use, modification or
disclosure of data.

6. Openness Principle. There should be a general policy of openness about developments,

practices and policies with respect to personal data. Means should be readily available of
establishing the existence and nature of personal data, and the main purposes of their use, as well
as the identity and usual residence of the data controller.

7. Individual Participation Principle. An individual should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data
controller has data relating to him;

b) to have communicated to him, data relating to him within a reasonable time; at a charge, if
any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to
him;

c) to be given reasons if a request made under subparagraphs(a) and (b) is denied, and to be able
to challenge such denial; and

d) to challenge data relating to him and, if the challenge is successful to have the data erased,
rectified, completed or amended.

8. Accountability Principle. A data controller should be accountable for complying with

measures which give effect to the principles stated above.
Modern privacy law is often expensive, bureaucratic, burdensome, and offers surprisingly little
protection for privacy. It has substituted individual control of information, for privacy protection.

Weaknesses of Facebook’s privacy policies and features

The biggest weakness of Facebook’s privacy policies and features is that most of
Facebook's revenue comes from advertising by selling the information its users provide. The
information includes relationship status, location, employment status, favorite books, movies or
TV shows and a host of other categories. A major contributor to revenue growth in 2015 is ads
sold in the mobile News Feeds (IsaacMike, 2015). Therefore, Facebook’s goal is to serve
advertisements that are more relevant to users than anywhere else on the Internet, but the
personal information it gathers about users both with and without users’ consent can also be used
against users in their privacy. One of examples is that Facebook used facial recognition software
for photo tagging of users whose ‘tag suggestions’ feature is automatically on when users sign
up, which does not ask user consent at all (D'OnfroJillian, 2016). In addition, Facebook uses a
software bug or code to track users across the Internet even if users are not using Facebook
(DeweyCaitlin, 2016).

Another weakness is that the size of the personal data that Facebook has collected asks
protections and privacy controls which increase beyond those that Facebook currently provides.
Facebook collects more data than you may imagine. For example, Facebook gets a report every
time you visit a site with a Facebook “Like” button, even if you never click the button, are not a
Facebook user, or are not logged in (Consumer, 2012). Facebook has made privacy violations
and missteps for years that question about whether it should be responsible for the personal data
of hundreds of millions of users (MeyerDavid, 2017). In addition, Given Facebook’s huge user
base and high engagement levels, the accuracy of this content on its News Feed is critical for
users to rely on its platform (Forbes, 2016). However, the size of ads and contents on its News
Feed are too huge for Facebook to identify the prominence of the fake news and spams.
 The other weakness is that the million users have never changed Facebook’s privacy
settings which allow friends using Facebook applications to transfer users’ data unwittingly to a
third party without users’ knowledge. The information 13 million users are sharing everyday
could be used in some way. However, most Internet users believe that Internet companies
including Facebook should be forced to ask for permission before using users’ personal
information and they want the ability to opt out of online tracking. 28 percent of them shared all,
or almost all, of their wall posts with an audience wider than just their friends. (Protalinski,
2012). The main reason users share sensitive details of their life on Facebook is that users do not
realize that their data are being collected and transmitted in this way. Many of Facebook’s
features and services are enabled by default when they are launched without notifying users.
Facebook’s privacy policies are more difficult to comprehend than government notices or typical
bank credit card agreements, which are notoriously dense (Consumer, 2012). I personally tried
to open a dummy account to review the privacy setting process and found that Facebook never
tells me about the privacy settings or guides to check what the default settings are. It shows how
to choose to get alerts about unrecognized logins.

Factors to the weaknesses:

The redesign is Facebook's way of blaming customers for its own failings. Some bloggers
talk as though Facebook customers are trying to keep the company from "moving to the next
level." That is nonsense. Customers are happy when companies bring them new and useful
things, but they expect it to be done incrementally and offer value at each step (Coursey, 2009).
In the same way that Microsoft's 90 percent share of the operating system market in the 1990s
meant that the company could force all kinds of other crap on us that we didn't want or need,
Facebook is enabled by its immense lock-in power to pursue goals that don't match up to what its
users necessarily want or need. Microsoft's failure to generate any intrinsic loyalty or affection
became an obvious liability in a marketplace with multiple competitors. Facebook is sitting
pretty at the end of its first decade but no one knows what might happen to Facebook in the next
10 years. (LEONARD, 2014). Facebook people should not make privacy related issue in the
future, like the mistake of Facebook's Beacon program.
 Clayton Christensen demonstrates how successful, outstanding companies can do
everything “right” and yet still lose their market leadership or even fail as new, unexpected
competitors rise and take over the market. Christensen shows how most companies miss out on
new waves of innovation. Value to innovation is an S-Curve: Improving a product takes time
and many iterations. The first of these iterations provide minimal value to the customer but in
time the base is created and the value increases exponentially (Christensen, 2016). Once the base
is created then each iteration is drastically better than the last. At some point, the most valuable
improvements are complete and the value per iteration is minimal again. So in the middle is the
most value, at the beginning and end the value is minimal. Currently, Facebook is in the middle
but no one knows any new, unexpected competitors with disruptive technologies rise and take
over the market.

In 2015, Facebook had an astounding 1.2 billion daily users, and that number remains on
the rise. Still, there’s concern that Facebook’s revenue growth is going to trail off. There are only
so many people with Internet access and so many places the company can display ads, so it
makes sense that Facebook cannot grow as rapidly as it did when it was young. Three facts keep
people in Facebook from overcoming the weaknesses in the future: Facebook’s people have their
goal to shake an advertising slowdown, Facebook’s people monetize its newer assets like
WhatsApp and Facebook 360, and Facebook’s people win back trust from the reputation of
spreading “fake news” (Bary, 2016).

Facebook is huge and an incumbent rather than an upstart. If it is not careful in building
the organizational culture, it could join the many other tech companies that started out with a
powerful culture, lost their way, and ended up big, bloated, and bureaucratic. The CEO says that
it’s been a process over time of building a culture where people think about the mission in the
same way that I do, which allowed us to take on more and more products and things that we can
try to solve for the world. Facebook’s culture may be distributed among thousands of people
who take it seriously. However, it is an issue that the company has managed to make it
permanently self-sustaining in the same way it did when it was tiny or medium-sized
(MCCRACKEN, 2015). Facebook’s status as the world’s biggest social media company is partly
founded on the company’s organizational culture, which is known as a hacker culture
(LOMBARDO, 2017). Advantages of this corporate culture are its support for flexibility,
especially in rapidly addressing issues and problems in the social media business and facilitating
Facebook’s continuous improvement as the online environment changes rapidly (except if
Facebook drives the environment). However, a possible disadvantage of this organizational
culture is the difficulty in strictly implementing new mandates that impose limits on employees’
activities. This is so because Facebook’s employees are accustomed to a corporate culture where
they are empowered to do their jobs flexibly.

Facebook only allows higher-quality advertisements with no default sound, no deceptive

ads, and fewer accidental click-through. And Facebook says that some users may prefer relevant
ads and if they’re going to see them anyway, it may as well be for something they’re actually
interested in (Barret, 2016). What policies and rules are developed internally in the algorithm
that Facebook figure out which advertisements are relevant and interesting to the users? What
are criteria to say ‘higher-quality advertisements?’ There are so many different preferences,
personalities and types of people or users that Facebook cannot please all of the users based upon
the data analysis (even using Big Data, it could be 60 – 80% accuracy). All of Facebook users do
not set the preferences of things that they care about using Facebook’s ‘ad preferences’ setting.
Facebook should not rely on the users’ voluntarily setting the preferences. Facebook has to be
smart in doing this setting the preferences.

In mid-December 2016, Facebook announced it would begin flagging fake news stories
with the help of users and five independent fact-checkers: ABC News, AP, FactCheck.org,
Politifact and Snopes (HUNT, 2017). At the same time, Facebook planned to develop algorithms
to decrease the prominence of the fake news and spams (Chaykowski, 2016). However, the
algorithms, which are currently not perfect due to the technology and rapidly changing online
environment, might cause Facebook to become arbiters of truths.

Facebook has faced many unstructured decision scenarios related to privacy issues. The
decision-making process seems not working well to access to the right information and data
including current and future users, policies around the world, and potential emergent privacy
issues due to new features and products. For supporting the managers to make better decisions
flawlessly and quickly, business intelligence and analytics are essentially about integrating all
the information streams produced by Facebook into a single, coherent enterprise-wide set of
data.

Conclusion:

The weaknesses of Facebook’s privacy policies and features are that MOST of
Facebook's revenue comes from advertising by selling the information its users provide, THE
size of the personal data that Facebook has collected asks protections and privacy controls which
increase beyond those that Facebook currently provides, and THE million users have never
changed Facebook’s privacy settings which allow friends using Facebook applications to transfer
users’ data unwittingly to a third party without users’ knowledge. The information 13 million
users are sharing everyday could be used in some way. The factors to the weaknesses are coming
from three of people, organization and technology. Facebook people should not make privacy
related issues in the future, like the mistake of Facebook's Beacon program. The people have to
take a lesson from MS; Microsoft's 90 percent share of the operating system market in the 1990s
meant that the company could force all kinds of other crap on us that we didn't want or need. The
possible disadvantage of the organizational culture, knows as a hacker culture is the difficulty in
strictly implementing new mandates that impose limits on employees’ activities. This is so
because Facebook’s employees are accustomed to a corporate culture where they are empowered
to do their jobs flexibly. The internal algorithms of policies and rules, which are currently not
perfect due to the technology and rapidly changing online environment, might cause Facebook to
become arbiters of truths.
Recommendation: Successful business model without invading
privacy?

Facebook’s business model is based almost entirely around generating revenue through
advertising. In fact, in Q1 2017, 98% of its quarterly revenue came from advertising while
non-advertising revenue in the quarter sources fell by more than 3% from a year earlier (Ingram,
David. “Facebook nears ad-only business model as game revenue falls” Reuters. 7, May 2017.
Web. 27, Sep. 2017). Facebook is able to generate income in this manner as a result of their
ability to collect massive amounts of data and information that their users share via its free social
media platform and aggregating that data and sell it for extremely targeted advertising.

It is this collection and use of such data that is directly related to privacy. The growing
public concern around information sharing and the heightened sense for an increased level of
privacy can have a serious impact on Facebook’s ability to continue to grow as a profitable
business. If they decide to offer more privacy options as a means to keep current users happy
and to gain new ones who may be hesitant to sign up for a fear of lack of privacy, they will not
be able to continue collecting and storing the same types and amounts of data that have proven
so valuable to their growth up until this point. Without other substantial sources of revenue,
taking a hit to how much they can generate via advertising can result in a significant decline in
overall revenue growth for the company as a whole.

Facebook cannot have a successful business model without invading privacy, because the
whole concept and triumph of Facebook has been data collection. By creating a platform for the
population to use under the guise of networking, Facebook has been able to deceive its users by
offering an idea that this means of communication is “free.” Disinformation and lack of
understanding amongst the population has allowed tech companies like Facebook to collect data
without giving us specifics to what, why and where this information is being disseminated. The
business model Facebook has deployed has focused on the reselling of data and allowing
marketers to use this platform.
 The Terms and Conditions that we sign to allow Facebook to collect data gives it an
amount of legitimacy but those practices are also coming under intense scrutiny. “Carnegie
Mellon researchers determined that it would take the average American 76 work days to read all
the privacy policies they agreed to each year. So you’re not avoiding the reading out of laziness;
it’s literally an act of job preservation” ( Scherker, 2014). The Terms and Conditions of many
websites have created an environment that makes it inconvenient for users to understand, while
at the at the same time trying to provide use convenience. In legal terms, privacy seems to have a
grey area in our society. Currently in Europe, Internet privacy has become a hot button topic.
“Facebook has been fined €150,000 ($166,400) by France’s privacy watchdog for violating the
country’s data protection rules. In a statement released Tuesday, the Commission Nationale de
l’Informatique et des Libertés (CNIL) said Facebook has failed to properly inform users of how
their personal data is tracked and shared with advertisers, though it stopped short of ordering the
company to change its practices.” (Toor, 2017). This situation is shedding light on an ongoing
privacy concern that is also creating questions in the United States. So, Facebook must figure out
alternative ways to provide solutions to their profit generating system.

The only solutions that we can see for Facebook to work around the privacy issue, is by
continuous persuasion. We believe that society seems very willing to give up privacy for
convenience, security for freedom. With all of the data that Facebook and other tech firms have
collected on us, they are steps ahead of us and we think they will find ways to address the
privacy concerns in a manner that will satisfy only the willing. Others will have to put up with
the ever-changing environment of the interconnected world unfortunately.
References:
Barret, B. (2016, 6 2). YOU SHOULD GO CHECK FACEBOOK’S NEW PRIVACY SETTINGS.
Retrieved 9 21, 2017, from Wired:
https://www.wired.com/2016/06/go-check-facebooks-new-privacy-settings/

Bary, E. (2016, DEC. 30). 3 Big Issues Facing Facebook in 2017. Retrieved SEP. 18, 2017, from
BARRON’S NEXT:
http://www.barrons.com/articles/3-big-issues-facing-facebook-in-2017-1483113265

Chaykowski, K. (2016, DEC. 15). Facebook Partners With 3rd Party checkers to Rein In Fake
News. Retrieved SEP. 18, 2017, from The Forbes: https://www.forbes.com/forbes/welcome/?
toURL=https://www.forbes.com/sites/kathleenchayko wski/2016/12/15/facebook-takes-new-
steps-to-rein-in-fake-news-partners-with-third-party-fact-c
heckers/&refURL=https://www.google.com/&referrer=https://www.google.com/

Christensen, C. M. (2016). The Innovator's Dilemma: When New Technologies Cause Great
Firms to Fail . In C. M. Christensen, The Innovator's Dilemma: When New Technologies
Cause Great Firms to Fail (p. 288). Harvard Business Review Press.

Consumer, R. (2012, JUNE). Facebook & your privacy - Who sees the data you share on
the biggest social network? Retrieved SEP. 15, 2017, from Consumer Reports:

https://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm
Consumer-Reports. (2012, JUNE). Facebook & your privacy - Who sees the data you share
on the biggest social network? Retrieved SEP. 15, 2017, from Consumer Reports:
https://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm

Coursey, D. (2009, MAR. 24). Facebook's Problem Is Its Management, Not Its Customers.
Retrieved SEP. 17, 2017, from PC World:
https://www.pcworld.com/article/161821/facebook_redesign_problems.html
Dewey, C. (2016, AUG. 19). 98 personal data points that Facebook uses to target ads to you.
Retrieved SEP. 15, 2017, from The Washington Post:
https://www.washingtonpost.com/news/the-intersect/wp/2016/08/19/98-personal-data-points-that
-facebook-uses-to-target-ads-to-you/

D'Onfro, J. (2016, MAY 6). How to stop Facebook from auto-tagging you in photos. Retrieved
SEP. 15, 2017, from Business Insider:
http://www.businessinsider.com/how-to-deactivate-photo-auto-tagging-in-facebook-2016-5

Forbes. (2016, DEC. 21). How Big Is The Fake News Problem For Facebook ? Retrieved SEP.
18, 2017, from Forbes:
https://www.forbes.com/sites/greatspeculations/2016/12/21/how-big-is-the-fake-news-problem-f
or-facebook/#1e5f581c5bd1
HUNT, E. (2017, MAR. 21). 'Disputed by multiple fact-checkers': Facebook rolls out new
alert to combat fake news. Retrieved SEP. 19, 2017, from The Guardian:
https://www.theguardian.com/technology/2017/mar/22/facebook-fact-checking-tool-fake-news

Isaac, M. (2015, NOV. 4). Facebook Revenue Surges 41%, as Mobile Advertising and
Users Keep Growing. Retrieved SEP. 15, 2017, from The New York Times:
https://www.nytimes.com/2015/11/05/technology/facebook-q3-earnings.html

LEONARD, A. (2014, FEB. 04). Facebook’s fatal weakness: Why the social network is losing
to Amazon, Apple & Google. Retrieved SEP. 18, 2017, from Salon:
https://www.salon.com/2014/02/04/facebooks_fatal_weakness_why_the_social_network_is_losi
ng_to_amazon_apple_google/

LOMBARDO, J. (2017, FEB. 08). Facebook Inc.’s Organizational Culture Characteristics.

Retrieved SEP. 18, 2017, from Panmore Institute:
http://panmore.com/facebook-inc-organizational-culture-characteristics-analysis
MCCRACKEN, H. (2015, NOV. 24). How Facebook Keeps Scaling Its Culture. Retrieved SEP.
18, 2017, from Fast Company:
https://www.fastcompany.com/3053776/how-facebook-keeps-scaling-its-culture

Meyer, D. (2017, SEP. 11). Here’s Why Facebook Got a $1.4 Million Privacy Fine in Spain.
Retrieved SEP. 16, 2017, from Fortune:
http://fortune.com/2017/09/11/facebook-privacy-fine-spain/

Protalinski, E. (2012, MAY 12). 13 million US Facebook users don't change privacy settings.
Retrieved SEP. 17, 2017, from ZDNet:
http://www.zdnet.com/article/13-million-us-facebook-users-dont-change-privacy-settings/

Scherker, A. (2014, July 21). Didn't Read Facebook's Fine Print? Here's Exactly What It Says.
Retrieved October 04, 2017, from
http://www.huffingtonpost.com/2014/07/21/facebook-terms-condition_n_5551965.html

Toor, A. (2017, May 17). Facebook is still violating user privacy, Dutch and French regulators
say. Retrieved October 04, 2017, from
https://www.theverge.com/2017/5/17/15651740/facebook-privacy-violation-france-netherlands-f
ine