On Privacy, Google and Facebook Are Much The Same
Where some see very different approaches, I see two companies struggling to find the balance that meets both customer expectation and commercial need.
Business users have particular reason to be concerned about these issues, since working people have much at stake in the privacy debate--like their own jobs and their company's competitive advantage.
There are two misconceptions I'd like to address:
- Facebook has been trying to improve privacy for its customers.
- Google doesn't think privacy is possible or doesn't care.
Let's start with Facebook: What impresses me most about Facebook's privacy changes
is how the company tried to get customers to accept default options that are more open than many of us would choose on our own.
The reason for this seems to be so Facebook users will drop more information into search engine real-time search, for which Facebook receives some sort of value from Google.
There is also the issue of being able to personalize advertising more effectively, which is how both Facebook and Google use our personal information to fatten their bottom lines.
I read a news report quoting a Facebook spokesman saying half of the service's users have already tightened the new defaults. The company itself, which first made Friend Lists public without a privacy option has since reversed course and now allows users to make their friends' identities private.
If Facebook is such a white knight, why did they open Friend Lists--only to be forced to back down-or select such open default settings to begin with? Wouldn't it be better to default to "friends only" settings and let customers open the settings as they saw fit?
Nevertheless, it does appear Facebook takes its users' privacy concerns seriously and does so in a pretty conspicuous manner. Still, its recent changes appear to have been more aimed at making user information more public than more protected.
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."
The hand-wringers at the Electronic Frontier Foundation (and my colleague, Tony Bradley) used the quote to suggest that Schmidt and Google are soft on privacy.
Not so! I read the quote as a reminder of two things: First, that privacy begins with the user, and, second, that online privacy is never absolute. What you post online may seem private, but when push-comes-to-federal-judge, it isn't.
What do critics want Schmidt to say, that Google will refuse to respond to court orders? And there is the dichotomy of how we don't want our personal privacy violated but are happy when terrorists are brought to justice as a result of electronic surveillance.
I appreciate that some didn't like the moralizing tone of Schmidt's remarks, but he happens to be right. If you don't want people to know about it, maybe you shouldn't be doing it, and you certainly shouldn't be doing it online.
Dr. Schmidt's comments are also about privacy generally, not what Google does to protect user data or, more importantly, what it uses that data for internally and what is available for release when the Patriot Act cops come knocking.
Both Facebook and Google understand that user confidence is an important aspect of their business and that privacy plays a significant role in that. Of the two companies, I think Google is probably better thought out in its privacy practices, but also consider it the more threatening of the two in terms of the information it has on hand that users might not be aware of.
Ultimately, legislation is probably needed to establish uniform privacy principles and practices, but that is beyond this discussion.
The threat from Facebook is the information we post. The threat from Google is what it does with the information we allow it to gather about us. Both threats are real, neither company is all good, or all bad.