Facebook also will create a page that makes it easier for people to download their data so that they can more clearly view what information the company collects about them.
The changes come after revelations that the data firm Cambridge Analytica had wrongfully obtained Facebook profiles for at least 30 million Facebook users. The updates also coincide with sweeping new privacy laws, which require more specific and simplified disclosures to consumers, that are due to go into effect in Europe in May.
“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” Erin Egan, Facebook’s chief privacy officer, wrote in the blog post. “We’ve heard loud and clear that privacy settings and other important tools are too hard to find, and that we must do more to keep people informed.”
Facebook said it did not implement the changes entirely because of Cambridge Analytica — and wasn’t motivated solely by Europe’s new data protection rules, either. But Rob Sherman, the company’s deputy chief privacy officer, acknowledged in an interview that the company must repair its relationship with users.
“People aren’t going to trust Facebook, they’re not going to be comfortable using it, if we’re not an ethical steward of data,” he said. “I think, certainly, what’s clear over the past week or so is that we’ve lost a lot of trust and we have to do some work to regain it, and that’s something I think all of us at Facebook have internalized and are working really hard to do.”
The changes Facebook announced Wednesday primarily redesign and streamline already-existing features. The social network already gives consumers the ability to download their data and control many privacy settings, albeit in a confusing way.
Nate Cardozo, senior staff attorney at the privacy group Electronic Frontier Foundation, said that Facebook’s design changes were a start, but did not address deep needs for consumers. For instance, he said, Facebook does not let people remove their data from the company’s servers. “Facebook has gone one tenth of the way toward restoring public trust here,” he said.
But research has shown that changes in design, sometimes called privacy nudges, can affect people's behavior, said Lorrie Cranor, director of the Cylab Usable Privacy and Security Laboratory at Carnegie Mellon University and the U.S. Federal Trade Commission’s former chief technologist.
A 2010 study by Cranor and other Carnegie Mellon researchers found that people tend to comprehend simpler privacy policies better than long, complicated ones. The study, which included 764 participants and followed a format for privacy policies modeled after a nutrition label, also found that people got through simpler policies more quickly and were less frustrated by the experience.
Alessandro Acquisti, a Carnegie Mellon computer scientist who also co-authored the privacy study, said that Facebook’s controls had gotten more and more complex over the years in response to a series of privacy scandals. He applauded the streamlined changes, but said that overall they were akin to “putting lipstick on a pig” because Facebook’s underlying approach to user protecting user data was “ultimately broken, and today’s changes are not fixing that.”
Another big concern, he said, is whether Facebook’s default settings continue to encourage consumers to share large amounts of data. Researchers, he said, have long documented what is known as status quo bias, in which consumers are very unlikely to switch or opt out of the default mode that companies lay out for them.
The announcements come as Facebook weathers a barrage of unprecedented regulatory scrutiny. In the United States, Facebook CEO Mark Zuckerberg has been asked to testify before three congressional committees investigating the Cambridge Analytica controversy, and he’s expected to submit to questioning by at least one of those panels. Similar probes are underway throughout Europe, including the United Kingdom, where lawmakers plan to grill Chris Cox, the chief product officer of Facebook, at a hearing next month.
European regulators have been especially critical of Facebook in recent weeks. Months from now, the European Union is set to begin enforcing a new set of tough privacy and data protection laws that require tech giants to be more forthcoming about the information they collect and why.
Appearing at a major industry conference in Washington, D.C. this week, some of those officials stressed that Facebook needs to learn from its mistakes.
Andrea Jelenik, the leader of the Article 29 Working Party, an organization of E.U. data protection enforcers, specifically pointed Wednesday to Facebook’s multibillion dollar stock losses.
“I think if Facebook would have spent 10 percent of this money on data protection issues, maybe the loss wouldn’t have been,” she said.