Facebook Vice President of Product Chris Cox delivers a keynote address at Facebook’s “fMC” global event for marketers in New York City February 29, 2012. (REUTERS/Mike Segar)

Facebook’s privacy practices have always been controversial. It doesn’t charge its users–because its users are the product. The company sells information on its users, their social networks, services they like, and a multitude of other forms of information to advertisers and marketers. This gives Facebook a strong incentive to push privacy boundaries constantly, since the more personal information Facebook gathers on its users, the more money Facebook will be able to make by selling this information on to marketers.

This has meant, for example, that Facebook has frequently changed its privacy policies, often in confusing ways. Jennifer Shore and Jill Steinman, two undergraduate students at Harvard have just published a new research article in Technology Science showing that, over time, these changes have led to Facebook’s privacy policy becoming much, much worse.

Shore and Steinman compare different versions of Facebook’s privacy policy from 2005 to 2015 (with some missing data in 2011 and 2012), using a standard set of measures of privacy policy. This graph shows how its quality has changed over time (scored out of a possible 100; the underlying data are available here).

Facebook privacy policy
Facebook privacy policy rating over time as a percentage of the best possible score. Dots highlight dates of a policy heavily criticized by advocacy groups (A) and the next revision (B). Gap identifies missing archived policies. Used with permission of Technology Science

Facebook starts off with a reasonably tolerable set of privacy policies, which get better in the early years, but then decline sharply.

After Facebook issued a weak set of privacy policies in 2008, it encountered sharp criticism from privacy watchdog organizations and ordinary users. This led it to improve its standards again with a revised set of standards in November 2009. However, since then there has been a stark downward trend. By Shore and Steinman’s measures, Facebook’s privacy standards today are much worse than the much-criticized 2009 standards.

Furthermore, there is little reason to think that Facebook has any intention of improving them. Facebook has grown dramatically in size and market power since 2009, and, according to Shore and Steinman, doesn’t seem especially responsive to pressure either from advocacy groups or regulators. Overall, they find that Facebook’s standards for privacy drop in 22 of the 33 areas that they study.