Facebook’s increasingly genius method of connecting users through the “People You May Know” function is coming under scrutiny, with legal and ethical questions of how Facebook collects users’ information to create friend suggestions, as well as what Facebook users can do to regain control and reduce unwanted privacy intrusions.

What is the issue?

Facebook’s “People You May Know” tool was designed to conveniently identify and suggest Facebook friends between people who might already know one another. Although the mechanism serves a seemingly innocent function, some Facebook users fear it oversteps their personal boundaries. As their argument goes, even though they know someone in one context should not imply that they want to be connected in a different one—they, understandably, prefer to maintain distinctly separate work, personal, and social relationships.

Consequences of Facebook’s practices have recently surfaced in some of the most traditionally confidential settings, such as in a psychiatrist’s office and a suicide prevention meeting. Last month, a psychiatrist reported that several of her patients noticed one another in their “People You May Know,” despite little to no mutual friends in common, background, or age similarities. Similarly, in June, a concerned father discovered that after attending a suicide prevention group with his son, other parents who attended appeared in his list of suggested friends despite neither meeting before the event nor exchanging numbers.

Spectators hypothesize that the psychiatrist’s patients may have been connected on Facebook because they each have at least one mutual contact on their mobile device (their psychiatrist) and were in the same location at the same time (psychiatrist’s waiting room). Similarly, the parents from the help group were in the same location for the event and are similar in age, so Facebook likely presumed that they may know one another.

Although Facebook has not explained these curious situations, its website lists “mutual friends, work and education information, networks you’re part of, contacts you’ve imported, and many other factors” as how it determines friend suggestions. Even though location is likely one of the “other factors” described, Facebook denies using location-tracking software for the “People You May Know” tool.

Who holds the responsibility?

It is everyday people, you and I, who are ultimately responsible for protecting and enforcing personal privacy expectations on Facebook.

To begin, Facebook should not be mistaken as a harbor for those seeking complete or even partial isolation—the word “Facebook” itself connotes a place where one’s face is on display. In a broader sense, “the logic to these media is the increased visibility of any user’s self in an extended space and the means to display one’s formerly ‘private self’ in a very public forum.” Majid Yar, E-Crime 2.0: The criminological landscape of new social media, 21 Info. & Tech. L., 207, 218 (2012).

That said, Facebook is a social media networking website, specifically designed for people to socialize online, and the “People You May Know” function merely recommends who may be relevant to connect with. Facebook cannot perfectly suggest the exact people who each of its over 1.7 billion users deem as “acceptable.” Thus, Facebook makes educated guesses—by using contact information, age, mutual contacts, etc. If people are uncomfortable with this default setting, then it is up them to make the necessary changes.

Facebook users—as well as Internet users, generally—have the knowledge, curiosity, and social desire to seek information while online. Notably, nearly two-thirds of all Facebook users use the site for “finding, reading, discussing, or sharing news.” Further, American Internet users reportedly value Internet’s endless opportunities to learn, share, and diversity the flow of information into their lives. Facebook users therefore have a solid foundation to help them understand, or at least explore, their individual privacy settings on Facebook.

Do you know what you are consenting to?

The following are important points to remember when determining what and how to limit your personal information and activities on Facebook:

  • Merely publishing personal information online can effectively “renounce all privacy rights” to that post, especially “where the [user] did not employ protective measures or devices that would have controlled [others’] access.” United States v. Gines-Perez, 214 F. Supp. 2d 205, 225 (D.P.R. 2002). Thus, “if privacy is sought, then public communication mediums such as the Internet are not adequate forums without protective measures.”
  • Personal information on Facebook does not itself signify “currency” nor should it be viewed as a form of property, In re Facebook Privacy Litig., 791 F. Supp. 2d 705, 715 n.10 (N.D. Cal. 2011); therefore, even an “unauthorized release of personal information” may not be viewed as a loss of property. Ruiz v. Gap, Inc., 540 F. Supp. 2d 1121, 1127 (N.D. Cal. 2008).
  • Facebook users impliedly agree to Facebook’s terms of service simply by creating a Facebook account. If Facebook decides to alter their terms at any point, it needs to provide notice to its users, which is typically accomplished in a general email or Facebook notification to all account holders; continuing to use Facebook signifies implied consent. See In re Facebook Biometric Info. Privacy Litig., No. 15-cv-03747-JD, 2016 U.S. Dist. LEXIS 60046, at *26 (N.D. Cal. May 5, 2016).
  • Facebook lists ways to stay safe while on its site, such as encouraging users to “[l]earn how to use Facebook’s privacy shortcuts and settings to comfortably share and connect with others” and to “[t]hink before you post.” Facebook, most importantly, advises to “[a]djust your privacy settings and review them often.” Understand what you have legally consented to by taking the time to review these resources provided by Facebook: (1) the official Data Policy, filled with nuanced legal terms; (2) the user-friendly version; (3) the Help Center home page; (3) basic privacy tools; and (4) your own personal privacy settings.
  • As established by the Federal Trade Commission, Facebook is not required to “obtain affirmative express consent for sharing of a user’s nonpublic user information initiated by another user authorized to access such information, provided that such sharing does not materially exceed the restrictions imposed by a user’s privacy setting(s).”
  • Facebook’s privacy settings require users to “opt-out” if they are uncomfortable with the default option. While this is certainly more controversial than an “opt-in” model, Facebook’s services would arguably not be nearly as effective without the more aggressive default setting favoring connectivity over privacy. See Jahmy Graham, “Standing” Up To Facebook? Where’s The Harm?: David And Goliath Meet Social Media And Injury-In-Fact For Article III Standing, 43 Sw. L. Rev. 149, 167 (2013). However, this means that the burden is shifted to you, the user, to take it upon yourself to stay proactive in maintaining your own idea of privacy.
  • Some information on Facebook is always public. Facebook uses people’s listed name, gender, username and user ID, profile picture, cover photo, networks, age range, language, and country to create a “Public Profile” to “help connect you with friends and family.”
  • To prevent serious situations like that of the psychiatrist’s patients and the concerned father, users should disengage from Facebook’s default settings that collect contact information and track their location. You can remove all of the contacts from your Facebook account, or remove selected contacts. Further, you should review your mobile devices’ settings to ensure you are not allowing Facebook to access your location.
  • Facebook, in its terms of service, explains that there is “[no] guarantee that Facebook will always be safe, secure or error-free or that Facebook will always function without . . . imperfections.”

Ultimately, it is up to you to educate yourself on if and how to remain “private” in Facebook’s public arena: either adjust your settings accordingly, or be viewed as an open book.


About Author

Jessica Falender is a Media Law Fellow and contributor at Stream Industry. She is in her second year at Indiana University Maurer School of Law, and serves as an extern at CMG Worldwide. Jessica is interested in media, communications, and entertainment law, and has previously interned at the Federal Communications Commission in the Media Bureau Industry Analysis Division.

Comments are closed.