[LINK] PCWorld: 'A bill of rights for Facebook users'

Roger Clarke Roger.Clarke at xamax.com.au
Mon May 24 10:52:34 AEST 2010

>On Mon, 2010-05-24 at 08:45 +1000, Roger Clarke wrote:
>>  1. Let me know what I'm getting into (or out of)

At 10:16 +1000 24/5/10, Karl Auer wrote:
>Goodo - but the user has to READ this description. People want to be
>told, but then complain when Facebook's T&C are five pages long!

A fair point.  But:

(a)  the concept of 'layered' statements has been around for a long time
      and putting a short description in front of people as they sign up,
      with a link to the long version, shouldn't result in all that many
      drop-outs, should it?  Well, depending on what it actually says ...

(b)  there are various ways in which the long description gets used, e.g.:
      (1)  by each user reading it before they sign up (rare)
      (2)  by each user reading it when they feel the need
           (which does happen with appreciable numbers of people)
      (3)  by user reps and advocates, commentators and 'the media'
           critically examining them (which happens, and is crucial)

>>  4. Make privacy settings simple
>This one conflicts with all the others. If you want complex features,
>expect complex configuration. Which is not to say the configuration
>could not be better designed.

I was careful not to *endorse* the list  (:-)}

Something like 'UI only as complex as it has to be in order to 
deliver the functionality' is closer to a reasonable principle - but 
it's wordy.

>>  9. Accept responsibility when things go wrong
>That makes the T&C about twice as long. And it's way too wide.
>[A] Facebook can in any case not shirk responsibility in law;
>[B] what would be nice is
>to see such organisations with a proper and working complaints system,
>with real, useful actions to follow.

Agree with B.  Unfortunately, A is not true.  Facebook flaunts the 
laws of many jurisdictions, as do a range of other multinationals.

>>  10. Give me the right to quit and leave nothing behind
>Again - while Facebook could be required to delete everything, its users
>are under no such constraint.

Yes, the time is indeed coming fast when individuals will need to be 
subject to privacy law.

>Also, I would suggest that the fact of your participation and your basic
>identifying data (name, address, birthday, nicknames used etc) should be
>able to be retained by Facebook for their own protection. You should not
>be allowed to pretend you were never there. All other material - photos,
>text etc - should be deletable.

Address??  Birthday???  Are people dumb enough to put those kinds of 
things up there??  [Sorry, I'm a naive non-user.]

More seriously, the usual approach taken is to permit *logs* to be 
retained for a reasonable period.

That's partly to avoid disproportionate costs of doing things 
out-of-cycle, and partly because of the 'own protection' aspects you 
draw attention to.

But the reasonable period as perceived by normal people may be a 
great deal shorter than the 'statute of limitations' kinds of periods 
that corporate lawyers may try to invoke.

Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list