Facebook, privacy and newspapers

My April column for the South Carolina Press Association:

Facebook and its chief executive Mark Zuckerberg are being criticized far and wide for the company’s lax privacy practices after it was revealed that the political data firm Cambridge Analytica had used a seemingly innocuous personality test to collect data on 87 million Facebook users, which it combined with data from other sources to develop psychological profiles that were used in support of President Trump’s 2016 campaign.



In response, Zuckerberg has apologized that the company had not sufficiently protected its users’ data. “We have a responsibility to protect your data,” he wrote, “and if we can't then we don't deserve to serve you.” He also accepted personal responsibility for the misuse of the data. “It was my mistake, and I’m sorry,” he said in a statement before the Senate Judiciary and Commerce committees. “I started Facebook, I run it, and I’m responsible for what happens here.”

And Zuckerberg also outlined changes that Facebook has and will take to protect its users’ privacy. One of the most significant is his announcement that the site will offer privacy controls that comply with strict new privacy rules that will go into effect in Europe in May, and will offer these controls to users worldwide, not just in Europe. A number of lawsuits have also been filed against the site over privacy issues and the Cambridge Analytica incident in particular.

You may be concerned about all of this if you have an account on Facebook, or on other sites that follow similar business models of collecting users’ data. (Which is virtually all of them, including Google.) But people in the newspaper business should also be concerned about these developments, and the possible consequences, for their businesses.

Even though Facebook has lately backed away from its content partnerships with news sites—the result of a previous kerfuffle over the company’s practices in highlighting stories—many news sites still require Facebook logins for their users. In fact, only a few years ago requiring such logins was seen as a way to tame notoriously disorderly comment sections. By requiring such logins, is a newspapers’ website complicit in Facebooks’ privacy policies—and failures?

Even if news websites eschew Facebook’s logons and use their own, there are questions about security of their users’ private data. What data is collected, how it is protected, and how is it used? And if a newspaper’s website charges for access, how secure is the users’ payment information?

This could also affect any website that has advertisements. How are the ads placed? What personal information about users is used to determine which ads appear? How much personal information do the advertisers get when their ad appears to a particular user? How much do they get if the user actually clicks on the ad?

And what platform hosts your site? Researchers recently discovered that many websites—including of the larger news websites and platforms, such as Wordpress, that host smaller news organization’s sites—actually have the ability to track all of users’ keystrokes.

It’s unclear if there will be any changes in the wake of Zuckerberg’s appearance before Congress. Two senators have introduced a bill to give users more control over their data. Others have suggested adoption of some of the forthcoming European rules.

Anyone that operates online—either as a user or a provider—should stay aware of the debate over internet privacy, and legislative attempts to address it.