Privacy in an Information Society: issues from the Facebook experience

Interested in this topic? Contact our expert Suella Hansen @

February 27, 2008

… In today’s society where the currency is information, and national policies are being framed to further this paradigm...privacy has indeed been sacrificed to embrace the potential of the Internet and by extension, the Information Society.

In recent weeks the social network, Facebook, has been widely criticised for the difficulties experienced by its users wishing to end their association with the site, and seeking to delete their accounts and all of their content. However, in Facebook’s Terms of Use (effective 15 November 2007), to which members would have agreed in order to complete the registration process, it is clearly stated that although “you may remove your User Content from the Site at any time”, “you acknowledge that the Company may retain archived copies of your User Content”. Its Privacy Policy (effective 6 December 2007) further states “removed information may persist in backup copies for a reasonable period of time”.

Due to the unflattering coverage that is being given to its users’ disenchantment, it is likely that Facebook will soon amend its systems to more expediently permit the complete removal of accounts and user contents. Yet this situation underscores a number of broader privacy issues associated with the Internet, which have already been subject to extensive debate, but which do not appear to have been substantively resolved. These include:

  • the false sense of security that the Internet can engender
  • the value of information
  • the possible impact of the “Information Society” on personal privacy

False sense of security of the Internet

In its present incarnation, the Internet is a global “network of networks”, which as at December 2007, had approximately 1.3 billion users worldwide. It comprises millions of smaller networks, which carry diverse applications and services, as well as considerable volumes of data. Through this connectedness, distinct benefits are realised: information can be inexpensively accessed from almost any source on the network, and it is possible to interact with people and organisations, regardless of number and independent of geographic locations.

Exhibit 1: Growth in global Internet users from 1997 to 2006 [Source: ITU]


It is perhaps these overriding features, in the fast and increasingly impersonal pace of our societies, that have precipitated the Internet’s popularity as a preferred medium to connect to others, where we readily broadcast private and personal information, without fully appreciating the real threats that exist on the flipside of those benefits. As a public network that is permanently connected, but which can foster anonymity, there is continued opportunity for breach, evidenced by:

  • the proliferation of and destruction by computer viruses, worms, malware programs, Trojan horses, spyware, etc
  • the successful hacking of seemingly secure servers worldwide, despite the efforts made to protect those systems
  • the upsurge of instances of fraud and identity theft, which are being facilitated by the Internet.

Additionally, it is a well-known fact that a person’s actions online can be tracked. Through the widespread availability of personal information on the Internet, especially that willingly published by the owners, it is no longer a specialised activity to obtain some insight into someone’s life. For example, it was recently reported in the Nation that many employers research job applicants through Facebook and search engines, and that the police are accessing social networking sites when conducting criminal investigations.

Value of information

One of the greatest challenges of doing business on the Internet has been to translate the popularity of a website into revenue. Even for businesses that engage in the sale of goods and services over the Internet, important sources of revenue are through advertising arrangements and the sale of data generated by site visitors.

Consumer data, which would include demographic and behavioural information, is valuable to marketers. To highlight the value of user content to websites, through the Terms of Use it can be mandated that the sites are authorised to use, modify, publicly display, reproduce, and distribute that content as they see fit. However, when Facebook launched Beacon last year, an application that broadcast its users’ profile pictures and private activities as advertising bulletins, there was considerable outcry. Although Facebook acquiesced and participation in Beacon is now on an opt-in basis, Facebook still has considerable latitude with user content under the Terms of Use, although the ownership, intellectual property rights or other proprietary rights (supposedly) remain that of the Facebook user:

By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. [Source: Facebook Terms of Use]

Moreover, it has been reported that even state governments in the United States have begun to exploit the value of personal information, by selling certain public records. The potential value of such material was clearly highlighted when two computer disks containing personal details on approximately 25 million people went missing in the UK last year, and it was alleged that the value of that data to criminals could be in the region of GBP1.5 billion (USD 3 billion).

The Information Society and privacy

Inherent to the value of information on the Internet, is its larger context: the Information Society. The term has become a popular catchphrase that speaks to the creation and harnessing of information as a significant driver of economic, political, and cultural activity, and its realisation has been stated as a critical goal by several countries worldwide.

The capability of society to maintain pertinent information on its citizens could be an important mechanism to better enable the social and welfare needs of each member to be addressed. However, as all aspects of life becomes digitised, the data harvested and stored will become even more invasive. Already evidenced by the wealth of information available through the Internet, no longer will this data be limited to key milestones (birth, health, education, marriage, work, etc), but even mundane and intimate activities of everyday life are already becoming part of an individual’s record, which will be available to others, and could be manipulated and used by them, unbeknownst to the individual.

A frequently used quote attributed to Scott McNealy, Chairman of Sun Microsystems, is that with regard to the Internet, “You have zero privacy anyway. Get over it.” In today’s society where the currency is information, and national policies are being framed to further this paradigm, this saying appears to be true: privacy has indeed been sacrificed to embrace the potential of the Internet and by extension, the Information Society. On the other hand, the creation of new and improved products and services, customised and better suited to our needs, is dependent, to a great extent, on developers having access to pertinent information on the public at large.

Interestingly, although the recent complaints by Facebook users are often referred to as an invasion of privacy, when the issues are examined more closely, the common point of contention appears to be the users’ loss of control of their content, rather than there being a breach of privacy. Hence, bearing in mind that to somehow hinder the development of the Information Society to avoid such experiences might not be possible, greater consideration may need to be given to issues related to the control of data: for example, who truly has rights to the data and for what purpose. For user-generated material, intellectual property and other proprietary rights to the owner would likely be applicable. However, for data recorded on a person, such as through a transaction or under some form of surveillance, the rights of the subject under such circumstances might not be as clear cut.