On Feb. 4, 2009, Facebook decided to change (aka “update”) its Terms of Use Policy. The new policy provided, essentially, the right of Facebook to continue using a user’s data even once he/she left the service. The following is an excerpt from Facebook’s current Terms of Use Policy:
You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.
The change that caused the uproar, however, was the deletion of the following, which appeared at the end of the aforementioned section: “You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”
Interestingly, Facebook’s amended policy went largely unnoticed until the popular consumer rights advocacy site, Consumerist.com, brought these changes to light.
This has sparked a very interesting debate on data ownership, and one that Facebook for now has decided to avoid as it backed down last week and reverted to its previous Terms of Use. According to Mark Zuckerberg, founder and CEO of Facebook, “Going forward, we’ve decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now.”
While the arguments supporting why a user should have the right to control his/her data and information are both persuasive and intuitive, one must also consider the “reality” of the situation. For example, Facebook currently boasts a user base of approximately 175 million users around the world. Without having first-hand knowledge of Facebook’s IT policies and protocol, presumably a user’s data is stored across multiple networks and servers that are backed up regularly. Is it even possible for Facebook to delete all of a user’s data when he/she leaves Facebook? It is reasonable to demand that Facebook undertake a search and destroy mission for each departing user by deleting his/her data from each and every server that ever touched such data (including each back-up server), and then scrub the same servers to ensure that the deleted data can never be recovered? Moreover, if a user elects to leave the service without deleting his/her information, should Facebook then be required to do so?
Furthermore, social networking sites like Facebook are designed for data sharing between users—hence the term “social network.” Is it reasonable to expect Facebook to comb through millions of user pages to hunt down data that must be deleted and purged when a user leaves the service? Perhaps the changes reflected above were merely intended to address rights-clearance issues and to protect and insulate Facebook against claims from old users.
Whichever position one wishes to take in this debate, two points are certain: one, the reaction to Facebook’s changes to its Terms of Use reflects a much wider issue about user data, who owns the personal information, and what should happen to it if a user decides to leave a service; and two, the industry will be keen to see what Facebook decides to do next.