Facebook's Privacy Policies Under Fire It's almost impossible to avoid Facebook — nearly 500 million people are now on the social networking site. And critics say it's almost impossible to decipher the Internet giant's privacy policies. Host Guy Raz starts our exploration of privacy and Facebook by talking to Emily Steel of the Wall Street Journal. She reported last week how the site had been giving advertisers access to users' personal data.
NPR logo

Facebook's Privacy Policies Under Fire

  • Download
  • <iframe src="https://www.npr.org/player/embed/127075871/127075867" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Facebook's Privacy Policies Under Fire

Facebook's Privacy Policies Under Fire

  • Download
  • <iframe src="https://www.npr.org/player/embed/127075871/127075867" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

GUY RAZ, host:

This is ALL THINGS CONSIDERED from NPR News. I'm Guy Raz.

If it were a country, Facebook would be the third most populous on Earth. One out of every 14 humans has a profile. And soon, the company is expected to announce its 500 millionth registered user.

Now, despite that, it's been a tough few weeks for Facebook. A growing chorus of bloggers and privacy advocates are accusing the company of passing on too much personal information about users to advertisers.

Last month, Facebook decided to make each user's profile information public by default. Now, you can still hide that data from others, but many users have complained that doing it is overly complicated. And this past week, the Wall Street Journal reported on a software loophole that could allow advertisers to figure out precisely who was looking at their ads.

Facebook says it repaired the problem after Journal reporter Emily Steel brought it up.

Ms. EMILY STEEL (Reporter, The Wall Street Journal): Facebook and several other social networking sites were found to be sending data to ad companies that could be used to find those consumers' names or other personal details, even though they promised that they don't share that information without users' consent.

RAZ: So if you went on your Facebook page, Emily Steel's Facebook page...

Ms. STEEL: Right.

RAZ: ...and you saw an ad for, I don't know, vacationing in Aruba, and you clicked on that, that company would know who you were?

Ms. STEEL: Right. That's actually how we figured out that this is going on. So I went to my Facebook page. I clicked on an ad, and behind the scenes, it's very common for advertisers to receive the address of the page from which a user clicked on the ad. And what we found is in that code, part of the tags had a symbol to advertisers that would say: Hey, this is the user Emily C. Steel clicking on this ad.

RAZ: Hmm. And what could the advertiser find out about you by having your user name?

Ms. STEEL: Anything from a person's real name to their hometown, their occupation, their age, pictures, what they did last weekend, the different comments that they say, who their friends are.

RAZ: But I mean, if you made this public anyway, what's the big deal that Facebook is just passing that along?

Ms. STEEL: These sites may have been breaching their own privacy policy, as well as industry standards, that say that they shouldn't share and advertisers shouldn't collect personally identifiable information without users' permission.

RAZ: Now, after you started reporting on this story, you contacted Facebook and you said, actually, you are letting people know that Emily Steel has clicked on this ad.

Ms. STEEL: Uh-huh.

RAZ: What did Facebook say in response? And what did they do?

Ms. STEEL: After we contacted them, they said that they changed their software to eliminate identifying code that could be tied to the user.

RAZ: But I guess it raises the question of whether it was inadvertent or not, they have the power to do that. They can pass along personal information.

Ms. STEEL: And that's one thing that's a really big debate in the industry right now is what is personally identifiable information. Traditionally, it's been considered to be your name, your address, your email, anything that can be tied directly to you. But now in this new age, where there's so much information about everybody on the Internet, a Facebook username could be considered to be personally identifiable.

They, in theory, could be able to create this massive profile about me, Emily Steel, and all of the different websites that I visit, the searches that I make, all sorts of information.

RAZ: Emily, that's pretty scary.

Ms. STEEL: That's what a lot of people say, that it is really scary. But what the ad companies that we identified as receiving the data and talked to said is that they weren't aware of this data being sent to them and that they haven't made use of it. And they actually say that it's in their policy that they don't want this data. They don't want this information.

RAZ: It's their policies and their contracts, but we know that in theory, it's possible they can do this.

Ms. STEEL: Yeah, it's possible.

RAZ: That's Emily Steel. She covers digital media for the Wall Street Journal.

Emily, thank you so much.

Ms. STEEL: Thanks for having me.

Copyright © 2010 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.