BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Facebook Privacy Policy Change Paves Way For Off-Facebook Advertising

This article is more than 10 years old.

You can see the new policy (with tracked changes) here. The two main things you need to know:

  1. Facebook used to keep data it received about you from advertisers and third parties for 180 days; now they say they'll keep it for as long as necessary to provide you with a service. Chief Privacy Officer Erin Egan says that means that if Zynga tells Facebook who their top scoring players are in order to target them with ads, Facebook erases that information as soon as the ad campaign is over. But if Zynga were to post information about its top scoring players on its wall, Facebook is not going to take it down within 180 days.
  2. Facebook makes it clearer that it can use information about you to display ads to you outside of Facebook. The policy previously stated that the company could serve ads with a social context outside of Facebook. Now it makes it clear they can serve any kinds of ads they want. "Everything you do and say on Facebook can be used to serve you ads," says Egan. "Our policy says that we can advertise services to you off of Facebook based on data we have on Facebook."

The second is the more interesting change from a revenue standpoint. The Facebook team made clear that they don't have any particular product to announce yet, but this further paves the way for Facebook to roll out an advertising network to display ads around the Web. Given how much Facebook knows about its users, the network could arguably be much more effective than current ad networks which base their guesses about you on cookies placed according to the websites you've visited. Of course, it would likely only work if you stayed logged into Facebook while surfing the Web, unlike with a cookies-based approach.

"They're reserving the right to serve ads off of Facebook," says Justin Brookman, director for the Project on Consumer Privacy at the Center for Democracy and Technology. "It wouldn't involve more collection of data. There are are other companies, such as LinkedIn and Amazon, who have already started doing this."

My colleague Eric Jackson already has Facebook on a death watch, in part because of their struggle to make any money off people who are increasingly accessing the site through mobile devices (and thus not seeing ads). But I wonder about the future possibilities of "off Facebook" when it comes to advertising. Maybe there'll be a time when you walk into a store with a digital billboard, and it will either recognize you with special Facebook cameras equipped with face recognition or based on a signature from your phone. It could then show you an ad or offer you a coupon based on what Facebook knows about you. Pure speculation, of course.

Thus, Facebook both clarifies their privacy policy (to make the Irish happy) and reminds IPO investors about an additional stream of revenue for the company. Win. Win.

As to whether this policy revamping shows that the Irish Data Privacy Commissioner is controlling the global show when it comes to consumer privacy protection, Facebook says no. "This is not evidence that the Irish DPC is driving everything," says Egan.

Facebook users have seven days to review the changes and make comments. Other notable clarifications:

  • Your gender is public information, as is your Timeline cover photo.
  • When you "deactivate" your account, you and your content do not disappear from the site. You still appear in your friends' friend lists.
  • When you delete your account, it doesn't delete everything you've ever done on the site. Any messages you've written, for example, stay in your friends' inboxes.
  • Facebook created a new chart [pdf] with everything you've ever wanted to know about the kind of cookies that don't come out of the oven.

*My headline is a little inaccurate. Facebook no longer calls its privacy policy a privacy policy. Its now called the "data use policy," which is a far more accurate name. Most privacy policies aren't about protecting your privacy, but explaining to you how a company will exploit the data it has on you.