You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.
The change that caused the uproar, however, was the deletion of the following, which appeared at the end of the aforementioned section: “You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”
Interestingly, Facebook’s amended policy went largely unnoticed until the popular consumer rights advocacy site, Consumerist.com, brought these changes to light.
While the arguments supporting why a user should have the right to control his/her data and information are both persuasive and intuitive, one must also consider the “reality” of the situation. For example, Facebook currently boasts a user base of approximately 175 million users around the world. Without having first-hand knowledge of Facebook’s IT policies and protocol, presumably a user’s data is stored across multiple networks and servers that are backed up regularly. Is it even possible for Facebook to delete all of a user’s data when he/she leaves Facebook? It is reasonable to demand that Facebook undertake a search and destroy mission for each departing user by deleting his/her data from each and every server that ever touched such data (including each back-up server), and then scrub the same servers to ensure that the deleted data can never be recovered? Moreover, if a user elects to leave the service without deleting his/her information, should Facebook then be required to do so?
Furthermore, social networking sites like Facebook are designed for data sharing between users—hence the term “social network.” Is it reasonable to expect Facebook to comb through millions of user pages to hunt down data that must be deleted and purged when a user leaves the service? Perhaps the changes reflected above were merely intended to address rights-clearance issues and to protect and insulate Facebook against claims from old users.