Social Media Bill of Rights - Do You feel Covered?

By Jason Carmel | 0 Comments | Posted in in Web/Tech | Permalink

Technorati Tags: digital privacy, social media

At last week's 20th annual Computers, Freedom & Privacy (CFP) summit in San Jose, participants and practitioners debated and proposed a Social Network Users' Bill of Rights, designed to represent the denizens of the social ecosystem out there (in here?). Facebook, Google Whatever, Twitter, this is mostly about you guys. You can tell that these principles weren't written by politicians or (exclusively) lawyers, since they are clear, intelligible, and brief enough to be included in their entirety below:

We the users expect social-network sites to provide us the following rights in their Terms of Service, Privacy Policies and implementations of their system:

1. Honesty: Honor your privacy policy and terms of service.
2. Clarity: Make sure that policies, terms of service and settings are easy to find and understand.
3. Freedom of speech: Do not delete or modify my data without a clear policy and justification.
4. Empowerment: Support assistive technologies and universal accessibility.
5. Self-protection: Support privacy-enhancing technologies.
6. Data minimization: Minimize the information I am required to provide and share with others.
7. Control: Let me control my data and don"t facilitate sharing it unless I agree first.
8. Predictability: Obtain my prior consent before significantly changing who can see my data.
9. Data portability: Make it easy for me to obtain a copy of my data.
10. Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised.
11. Right to know: Show me how you are using my data and allow me to see who and what has access to it.
12. Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
13. Right to appeal: Allow me to appeal punitive actions.
14. Right to withdraw: Allow me to delete my account and remove my data

Many of these are spot on and so obviously RIGHT, that it makes me a little sad we have to actually tell these business that we expect them. Specifically, Honesty, Freedom of Speech, Predictability, Empowerment, and Protection are complete no-brainers. Clarity is another pet peeve of mine that is well placed on this list- putting your privacy policy in 8 point font and using language indigenous to the British House of Lords circa 1740 is a cheap-ass way of protecting yourself for any skeezy behavior you do after the fact. Any company that fails repeatedly on the above doesn't deserve our attention, let alone our engagement or dollars.

Some principles, thought, are admittedly less clear to me. Data Minimization is an example here, where the intent seems to be something like "Listen, stop asking me for my birth date for a service that doesn't require that data." I get that, and support it. But the flip side is that everyone has a different understanding of what is "necessary," which I kind of also get (does Facebook need your birthday to work? No, but I would guess a lot of people like getting wall posts on their birthdays with well wishes). My take on Data Minimization is that so long as the other principles are adhered to, businesses should feel free to ask anything they want: if their registration form is bloated with irrelevant, overly personal questions, then registrations will suffer as a result. The market will reward the most optimal form with the least friction between click-to-form and registration.

Some principles may actually contradict each other, as well. I look at the Right to self-define as particularly tricky here. If a customer chooses to have 16 unlinked accounts, it arguably puts a significant burden on the business to insure that portability is manageable. If all those accounts are anonymous, does it render the Right to appeal meaningless? (why do I need to appeal a punitive ruling if I can just open up another 16 anonymous accounts)

Still, any critiques of the Bill of Rights are minor, and should be viewed in proper perspective. This is an effective (though certainly not the first) barometer of customer expectations in a digital world where data is aggregated 24/7.

What happens next is always the really interesting question. Will these (or other) principles be legislated? Or will businesses understand which way the wind blows and self-regulate?