You, Starring in Your Own Commercial

Why Facebook is After Your Kids in today’s NY Times reports that Facebook is lobbying to change the Children’s Online Privacy Protection Ace (COPPA), the 1998 law that bars websites from obtaining personal information for children 12 or younger without parental consent.  Facebook wants more freedom to accept younger users–and there are already 7.5 million Facebook users under 13.  The Times states:

We don’t really know yet how joining Facebook at a tender age affects kids socially and emotionally. There’s the fun and freedom of Facebook, and then there’s the Consumer Reports finding that the site exposed a million teenagers to bullying and harassment last year. What is clear is that Facebook thinks it needs access to kids’ lives in order to continue to dominate its industry. The younger the child, the greater the opportunity to build brand loyalty that might transcend the next social-media trend. And crucially, signing up kids early can accustom them to “sharing” with the big audiences that are at their small fingertips.

The article quotes Mark Zuckerberg about the benefits of “frictionless” sharing on Facebook:

“We help you share information, and when you do that, you’re more engaged on the site, and then there are ads on the side of the page. The more you’re sharing, the more — the model all just works out.” 

The younger the age at which you become accustomed to Facebook’s view of your relationship to your personal information–you exist and share in order to generate advertisements tailored precisely to your demonstrated interests–the deeper Facebook’s hold on the details of your life.

New EU Data Privacy Law

U.S. lawmakers dither over new, stricter laws governing online data tracking.  Meanwhile, a EU privacy directive which goes into effect on May 25 requires EU websites to obtain “explicit consent” from users to gather online browsing and shopping data.  Excluded are cookies tracking items placed in website shopping baskets; otherwise, based on this article, the consent directive is comprehensive.  Websites are determining what steps are necessary to comply with the law.  One possible result is “that after 25 May, users see many more pop-up windows and dialogue boxes asking them to let sites gather data.”

Facebook’s Latest Bad Privacy Idea

Facebook has a knack for corroding privacy expectations.  From The Gothamist, a post titled No Stopping Facebook From Using Your Life as an Ad:

Facebook is about to launch a new ad feature called “Sponsored Stories,” in which users who check into Facebook while, say, visiting Starbucks, will simultaneously become potential spokespersons for Starbucks. (It also applies to products you “like” on Facebook.) Corporations interested in this form of “organic advertising” will have the option of paying Facebook for users’ profile images and product comments, to use as an ad that’s seen on their friends’ pages. Facebook users, however, won’t have the option of opting out.

Kudos to The Gothamist for mentioning the generational divide with respect to issues like this.  I’m just an old-fashioned guy; I think there’s nothing to admire or respect about today’s hit song being tomorrow’s Toyota ad, and I cannot comprehend why one would allow their life to be used in this way.  But maybe that’s just me.  Maybe if you are not the star in your own life movie, you can appear in the ads shown during its broadcast.

One More Privacy Post

From an article two weeks ago in the WSJ’s What They Know series:  ‘Scrapers’ Dig Deep for Data on Web:

At 1 a.m. on May 7, the website noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.  It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.

The scraper?  Nielson Co. “a global leader in measurement and information.”  Of course by mentioning Nielson in this blog and visiting Nielson’s website  they can add one more bit of clickstream data to my database entry.

Oops, We Did It Again

The Wall Street Journal’s ongoing What They Know investigative series, about online marketing and privacy practices, is a must-read for anyone interested in commerce and privacy.  Every week the Journal reports on some widely-used but little-known aspect of electronic tracking and data collection, and it seems every week the Journal article reveals one or more companies violating their internal data-disclosure policies.  The companies sing the same refrain:  Oops, we didn’t mean to do that; because of the mistake we’ve changed our software/data collection/security protocols; now it’s all better.  Today’s article–A Web Pioneer Profiles Users By Name–reports that tracking company RapLeaf maintains the holy grail of online data collection, a detailed database containing users’ real names and home addresses.

[P]ossessing real names means RapLeaf can build extraordinarily intimate databases on people by tapping voter-registration files, shopping histories, social-networking activities and real estate records, among other things.

RapLeaf has 1 billion email addresses in its database, not all of which are linked to real names.

RapLeaf acknowledges collecting names. It says it doesn’t include Web-browsing behavior in its database, and it strips out names, email addresses and other personally identifiable data from profiles before selling them for online advertising.   Nevertheless, the Journal found that, in certain circumstances, RapLeaf had transmitted identifying details about Mrs. Twombly—such as a unique Facebook ID number, which can be linked back to a person’s real name—to at least 12 companies. The Journal also found RapLeaf had transmitted a unique MySpace ID number (which is sometimes linked to a person’s real name), to six companies. MySpace is owned by News Corp., which publishes the Journal.   RapLeaf says its transmission of Facebook and MySpace IDs was inadvertent and the practice was ended after the Journal brought it to the company’s attention. The company says people can permanently opt out of its services at

The article contains too much to summarize or excerpt here.  It’s worth a look.

After finishing the article I checked my computer for a RapLeaf cookie.  I did not find one, but I’m not confident it’s not there.