(Post corrected 9-25-11)
Facebook’s announcement of a new passive data collection program (Open Graph) has led to a good discussion about whether Facebook’s data collection goes beyond what consumers would expect, particularly when off of Facebook.com and when logged out. It’s worth taking another look at Facebook’s privacy disclosure to see whether and how this data collection may be limited.
In short, Facebook makes it clear in their privacy statement that, even before the Open Graph, your cross-site activity is collected, although Facebook has undertaken not to share it with others or use it for ad selection.
1. Facebook collects information about your visits to others sites with Facebook buttons:
We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin). This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.
Most importantly, this data collection is not limited to when you interact with a Facebook button (such as to Like the site). Facebook does exclude your User ID if you are not logged in; but it isn’t clear why any data would or should be collected in that case.
Your trust is important to us, which is why we don’t share information we receive about you with others unless we have:
- received your permission;
- given you notice, such as by telling you about it in this policy; or
- removed your name or any other personally identifiable information from it.
However, as Justin Brookman pointed out in response to an earlier version of this post, Facebook has undertaken (in a help page outside of their privacy statement) to limit use and retention of data collected offsite:
We do not share or sell the information we see when you visit a website with a Facebook social plugin to third parties and we do not use it to deliver ads to you. In addition, we will delete the data (i.e. data we receive when you see social plugins) associated with users in 90 days. We will keep aggregated and anonymized data (not associated with specific users) after 90 days for improving our products and services.
PS Please note that the Facebook button you see on privacychoice.org does not transmit data unless and until the user interacts with it; we customized ours to avoid this. Even though it requires a second click from users, we recommend this approach for publishers. Although Facebook has taken the position that this violates their policies, we have not heard this directly but of course will report if/when we do.