Following the Facing up to Facebook session at the University of Ottawa on Wednesday, Bob LeDrew and I chatted for quite a while about the privacy implications of social media. Specifically, we talked about services like Facebook and how they exploit trust and personal information for corporate gains — their own and their clients’. These companies do warn you on some level that, by accepting their terms of service, you forfeit your claims to privacy of your information and that you also assign full licensing rights (including for their own financial gain) for your content (text, photos, videos, etc…) to the them. However, they do this through obscure (certainly not plain English) terms and conditions. They also serve up what I call a ‘crippling and confusing suite’ of information sharing controls disguised as privacy controls.

Bob and I came to the realization that the key element in the discussion about privacy and an individual’s right to privacy in social media tools is the amount of complexity and confusion in the way the agreements are structured and what our real rights are. This is further complicated by the fact that privacy laws differ from country to country and while most countries have adopted strict privacy regulations in order to do business with the EU, the United States has managed to get by with a more relaxed set of rules called Safe Harbor.

From the Safe Harbor main webpage:

While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.

This raises a lot of concerns when Canadian companies like Flickr move their data servers to the United States.

As we talked, I mentioned to Bob that what the world needs is a Privacy Commons — a simple and easy to understand deed to privacy which clearly communicates the privacy (or absence of privacy) controls built in to a service (I blogged about this in November). We fantasized about a simple Privacy Commons modeled after the Creative Commons that would elegantly and concisely allow service providers to designate privacy features in a deed-like interface, indicating elements like:

• do they collect personal identifying data
• is the data stored and transferred in a way that protects confidentiality
• is the data shared or sold
• does the company expect blanket consent to share/sell private information or do they require case-specific consent
• how long data is kept
• how data is destroyed

Some would argue that it would be hard to get companies to adopt this model. I suggest that companies that are committed to privacy would have no issues adopting a model which would make that immediately obvious to people.  At the very least, it will help people understand the privacy features of the site. In the same way that the Creative Commons took a while to stick and connect those with a common vision of making creative works available under specific implicit terms as well as send a message to licensing bodies, the Privacy Commons would take some time to prove that taking privacy seriously is good business.

Many cultural, political, business and media revolutions have taken place online over the last few years. A revolution for simplified privacy in an increasingly public world seems like a logical next step.

Two questions come to mind:

• Who would build a Privacy Commons?
• Does anyone else see a Privacy Commons as being beneficial?

The latest issue of Podcast User Magazine includes a photo of me, taken by Steve Garfield, as the header for my Defining Moments column.

While I submitted the photo as a candidate for the header, I didn’t expect it to run without a credit. More importantly, use of the photo without clearing it with Steve is a problem in this particular case since PUM makes revenue from advertising and the photo is licensed under Creative Commons attribution-non-commercial-share-alike.

Steve’s a cool guy, though, and has assured me that with appropriate credit, he is okay with the use of the photo in this particular case.

Earlier today, I submitted a request to have the PDF updated and posted an acknowledgment through the comment feature on the PUM website. The comment is in moderation.

Thanks, Steve, for taking a cool photo and for sharing it with us!

As of this morning, the Petition: Facebook, stop invading my privacy! group has 10,141 members. At some point the group should get the attention of the powers-that-be of Facebook and their advertisers.

I have joined the group and signed the associated petition because I can see how Facebook is bending a number of social rules and not championing a culture of security and privacy. This is not a concern for those who are cautious about the handling and sharing of their information but for those who haven’t been educated on how and when to trust the companies and people they deal with. And, for the record, Facebook has offered a boatload of reasons for people to not trust them.

Perhaps the biggest problem is the way in which companies (read: their lawyers) structure their Terms of Use, Usage Agreements and Privacy Policies. The agreements are often confusing even for well educated people and, more significantly, they’re unnecessarily long. By structuring their agreements in this manner, companies are purposefully taking advantage of their market. I would go so far as to say that they are ’setting up’ their market to take the fall.

Larry Lessig’s approach to contracts is a model that should be adopted by all legal departments - particularly those that are playing in the Web 2.0 playground. The Creative Commons license agreement takes a convoluted legal document and summarizes it in a simple and elegant deed that everyone can understand. Basically, Mr. Lessig has put the power of the law where it belongs — in the hands of the commons. By doing so, he has equipped them to self-regulate which is what people want in Web 2.0. [Hey Larry! Can you create the Privacy Commons???]

Facebook can argue that it offers a great deal of flexibility for its members to make changes to their privacy settings. This abundant flexibility is confusing and takes a fair bit of time to understand and tweak because there are many groupings of granular privacy settings — some settings may override others. Facebook needs to offer a simpler model with stronger default settings and have the additional flexibility available should people want the granular control.

Facebook is being presented with a beautiful opportunity to set the example for all Web 2.0 companies by establishing and managing a simplified and sustainable culture of trust for its community. The ball is in their court and whether they dribble, pass or go for the net will determine the future of Facebook and its peers.

BOOK RECOMMENDATION… The Privacy Payoff: How Successful Businesses Build Customer Trust written by Ann Cavoukian (Privacy Commissioner, Province of Ontario) and Tyler Hamilton.

The Canadian Podcasting Legal Guide was unveiled by Andy Kaplan-Myrth and Kathi Simmons at Podcasters Across Borders and is now available for download (in html and pdf) from the Creative Commons Canada site.

The presentation by Andy and Kathi will be available for download on the Canadian Podcast Buffet in the next two weeks.