Chris Kelly Explains Facebook’s Privacy Principles (and Beacon) to Congress

Last week, the US Senate’s Committee on Commerce, Science, and Transportation held a hearing on “Privacy Implications of Online Advertising” to learn more about the key tensions at hand. As part of the hearing, Facebook’s Chief Privacy Officer, Chris Kelly, was invited to speak before the committee. You can check out the full text of his testimony here.

Some highlights:

1. Quoting from Facebook’s privacy policy:

1. You should have control over your personal information.

Facebook helps you share information with your friends and people aroudn you. You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the Privac page.

2. You should have access to the information others want to share.

There is an increasing amount of information available out there, and you may want to know what relates to you, your friends, and people around you. We want to help you easily get that information.

2. Regarding personally identifiable information:

I cannot stress strongly enough thtat Facebook does not authorize access by the Internet population at large, including advertisers, to the personally identifiable information that a user willingly uploads to Facebook. Facebook profiles have extensive user-configurable rules limiting access to information contained in them. Unless a user decides otherwise by willingly sharing information with an advertiser – for instance, through a contest – advertisers may only target advertisements against non-personally identifiable attributes about a user of Facebook derived from profile data.

3. Regarding Beacon’s launch and the subsequent backlash:

We introduced at the same time as Facebook Ads a product called Beacon to allow users to bring actions they take on third-party sites into Facebook. Our introduction of this product with advertising technology led many to believe that Beacon was an ad product when it really was not. Participating third party sites do not pay Facebook to offer Beacon, nor must a third party site that wants to use Beacon purchase Facebook Ads… We discovered in the weeks after launch that users felt they did not have adequate control over the information and how it was being shared with their friends…

We are currently working on the next generation of Facebook’s interactions with third party websites, called Facebook Connect, to empower users further to share content and actions with their friends using the Facebook infrastructure, and are focused on assuring that proper controls are built into this system