In recent days, numerous Facebook users have posted a legal-sounding statement as an update to their pages containing some version of the following:
"In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, professional photos and videos, etc. (as a result of the Berner Convention). For any commercial use of the above my written consent is needed at all times! Anyone reading this can copy this text and paste it on their Facebook Wall. This will place you under protection of copyright laws. By the present communiqué, I notify Facebook that it is strictly forbidden to disclose, copy, distribute, disseminate, or take any other action against me on the basis of this profile and/or its contents.
The aforementioned prohibited actions also apply to employees, students, agents and/or any staff of Facebook or under their direction or control. The content of this profile is private and confidential information. A violation of my privacy is punishable by law (UCC 1 1-308-308 1-103 and the Rome Statute).
Facebook is now an open capital entity. All members are recommended to publish a notice like this, or if you prefer, you may copy and paste this version. If you do not publish a statement at least once, you will be tacitly allowing the use of elements such as your photos as well as the information contained in your profile status updates."
This is not the first time Facebook users have felt the need to add a legal disclaimer to their statuses in an effort to protect their rights. A similar statement made the rounds a few months ago, with a greater focus on privacy:
Facebook is now a publicly traded entity. Unless you state otherwise, anyone can infringe on your right to privacy once you post to this site. It is recommended that you and other members post a similar notice as this, or you may copy and paste this version. If you do not post such a statement once, then you are indirectly allowing public use of items such as your photos and the information contained in your status updates.
PRIVACY NOTICE: Warning - any person and/or institution and/or Agent and/or Agency of any governmental structure including but not limited to the United States Federal Government also using or monitoring/using this website or any of its associated websites, you do NOT have my permission to utilize any of my profile information nor any of the content contained herein including, but not limited to my photos, and/or the comments made about my photos or any other "picture" art posted on my profile.
You are hereby notified that you are strictly prohibited from disclosing, copying, distributing, disseminating, or taking any other action against me with regard to this profile and the contents herein. The foregoing prohibitions also apply to your employee , agent , student or any personnel under your direction or control.
The contents of this profile are private and legally privileged and confidential information, and the violation of my personal privacy is punishable by law. UCC 1-103 1-308 ALL RIGHTS RESERVED WITHOUT PREJUDICE
These two statements have a few elements in common. First, there was no new policy (or change to a policy) at Facebook to trigger these notices. Next, even had there been such a policy, the notices themselves were ineffectual and inaccurate from a legal perspective (e.g. profile notices do not modify contracts; there is a Berne Convention regarding copyright but no "Berner Convention"; the U.C.C., or Uniform Commercial Code, is a state law regarding the sale of goods, having nothing to do with Facebook profiles or privacy). Additionally, both notices went viral very quickly, spreading to literally tens of thousands or more Facebook users, even as others posted rebuttals and links to sites such as Snopes.com and news sites covered and furthered debunk the warnings about "new Facebook guidelines."
The main factor that these viral postings share, though, is the lesson that they can provide to Facebook and numerous other organizations: namely, that users care deeply about, and do whatever they think they can to ensure, their privacy. This is not a new idea, nor is this the first time a rumored (though inaccurate) threat to privacy generated vast consumer and even legislative response. In late 1996, e-mails spread warning about the supposed revelation by Lexis/Nexis of Social Security numbers and mothers' maiden names (two important pieces of data that could be misused by identity thieves to steal account access) in its new P-Trak consumer information database. In reality, P-Trak had originally included Social Security numbers but had been quickly revised to allow only searching by such numbers if the searcher already knew them, and the database had never contained mothers' maiden names. Nonetheless, consumers jammed Lexis/Nexis' customer service lines demanding to be removed, and the incident sparked a letter from three senators to the FTC and a resulting FTC public workshop and report to Congress on privacy of social security numbers and other information.
The overall idea of consumers and other users being able to know and manage the information being collected about them has long been a significant part of privacy best practices. The FTC and numerous other bodies in the U.S. and throughout the world have promulgated some version of Fair Information Practice Principles ("FIPP"), which generally include sections on notice, choice and participation. More recently, in February 2012, the Obama Administration published a report entitled Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy, which included a Consumer Privacy Bill of Rights incorporating individual control, transparency, and access and accuracy among its elements. The whole concept of a Web site's "privacy policy" is that it serves as a disclosure document, informing and empowering consumers with regard to the personal information collection and use by the site's owner, and even absent general federal mandates for privacy policies in the United States, the vast majority of sites offer them, largely because consumers might otherwise suspect a site without a privacy policy of misusing their personal data.
Unfortunately, the theory of privacy policies and fair information practices does not always translate into reality. The double wave of Facebook viral postings, which were frequently made by those who weren't either privacy advocates or lawyers, shows both that accurate information about Facebook's practices was not being effectively communicated to its millions of users, and that users did not know how to find and use Facebook's actual privacy controls. As confusing as Facebook's controls may be, those of search/software/service giant Google are substantially more challenging, given how many different products Google offers, the numerous platforms on which they run, and the sheer volume of information being collected and used by Google.
If Facebook is paying attention to its users, it can do a huge service to them and the overall Internet community by taking this latest viral reaction to heart. Facebook should use this incident as a spark to substantially improve user access to and understanding of, its information collection practices. Other sites, including those many news sites that covered the story, should likewise reexamine and improve their own user privacy experiences. Otherwise, they may face not only unhappy and confused users, but regulatory and legislative actions that have a much more severe and longlasting impact on their businesses and their ability to properly (and transparently) use what they learn about their customers.