Facebook, Privacy, and Regulation

In what may signal a change in attitude, the U. S. Federal Trade Commission is talking about fining Facebook billions of dollars for breaching a privacy agreement between the company and the FTC.  At issue is how Facebook uses the data it gleans from its users and whether Facebook has asked permission before sharing private data with third parties. 

In a recent AP article, reporter Barbara Ortutay says Facebook has set aside $3 billion in case the FTC fines the firm.  This is somewhat of a drop in the bucket of Facebook profits, which are estimated to be over $20 billion this year.  But still, it's large enough to attract investors' attention, and so the publicly traded company mentioned it in a recent news release. 

Privacy is one of the more nebulous concepts in ethics and law, as opposed to murder, say.  With murder you generally have a dead body and a definite event that produced it.  But privacy is all in the mind, or rather, minds—the mind of the person whose privacy has been violated, and the minds of those who allegedly know something about the victim that the victim doesn't want known.  And figuring out what is in peoples' minds isn't that easy.

One of the earliest institutional guarantees of privacy is what the Roman Catholic Church calls the "seal of confession."  Catholics are supposed to confess all their mortal sins periodically to a priest in what's called the sacrament of penance or reconciliation.  In turn, the Church promises on behalf of its priests never to reveal what is confessed.  A priest who breaks the seal of confession is subject to immediate defrocking, and so some priests have become martyrs rather than reveal secrets they learned in the confessional to government agencies, for example. 

There are many differences between confessing one's sins to a priest and posting your latest trip to a bar on Facebook, but structurally the situations are similar.  In each case, there is a person who is providing information that they would like to keep private:  the penitent in the confessional, or the person posting something on Facebook.  There is also the desired audience which the person wants to reach:  the priest (and presumably God) in the confessional, the intended circle of chosen friends in the case of Facebook.  There is the institution whose job it is to ensure that privacy is maintained:  the Church in the one case and Facebook in the other.  And finally, there's everybody else—the rest of the world which is supposed to remain wholly ignorant of what is going on in the private interchanges between priest and penitent in the one case, or Facebook and the user in the other case.

There have been isolated cases in which the seal of confession has been broken, but they have been rare, probably owing to the drastic penalty the Church exacts on a priest who breaks the seal.  In the case of Facebook, things are much different.  For one thing, individual users have no sure way of knowing if Facebook shares their private information with advertisers.  So it's reasonable that another institution with enough resources to investigate such large-scale questions systematically should get involved, in this case the FTC.  Instead of the seal of confession, we have a 2011 agreement reached between the FTC and Facebook which bound the company for twenty years to ask for "affirmative express consent" before Facebook shares any data the user hasn't made public with a third party.

Here's where things get tricky.  Anyone who deals with computers knows that whenever you sign up with a new service or install new software, you get asked to consent to something that most people blow by without reading.  If you try reading the terms and conditions, as they're called, you will either waste hours on it or have to hire a lawyer to figure out what you're really committing to.  This digital equivalent of fine print on a written contract is where companies like Facebook sometimes try to bury things you may not like if you knew about them.  But the case the FTC has against Facebook may amount to something like in clause 4 of paragraph 3.7A, you actually agreed to let Facebook share what you thought was private data with anybody who will pay for it. 

The question of whether clicking a button that says you read and understood the terms and conditions without really doing that is "affirmative express consent" has two answers.  The technical answer is, yes, it does, and if you didn't read and understand all that legal boilerplate it's your own fault.  The practical and man-on-the-street answer is, no it doesn't, because nobody but a corporate lawyer getting $300 an hour for the job is going to read and understand all that stuff in the sense that is intended, and making ordinary non-lawyers press the button is simply a CYA (cover-your-afterparts) action on the part of the company.  And the FTC may be saying that Facebook hasn't been covering well enough.

I do not personally use Facebook, although my wife does and lets me know if she finds anything important on it that she thinks I ought to know.  As I said to begin with, privacy is a fuzzy concept which in the digital age we live in has come to mean different things to different people.  Younger people especially seem not to mind sharing things on public sites that forty or fifty years ago would have been confined to the privacy of one's diary kept under lock and key.  I suppose the best we can do is to make clear what users expect in the way of privacy, in terms that users themselves can understand, and then use government regulation if necessary to keep organizations like Facebook from abusing the trust that their users place in them.  And if it takes billion-dollar fines to get a company's attention, then I say go to it. 

Sources:  The AP article by Barbara Ortutay about the potential Facebook fine was carried by numerous news outlets, including the print edition of the Austin American-Statesman on Apr. 26, 2019, where I saw it.  One online location that is not protected by a pay-to-get-behind-it firewall (an increasingly common practice these days) where the article can be viewed is the website of West Virginia's Bluefield Daily Telegraph at https://www.bdtonline.com/region/possible-b-facebook-fine-echoes-european-tech-penalties/article_6c3bfa1d-9d83-58b3-8417-08fc8688ccd4.html.