Yup, we agree: “It’s not a privacy ‘breach’ when information about you is out there already.”

by on November 15, 2010 · 3 comments

Rob Pegoraro’s article in yesterday’s Washington Post is a worthy read, if only because it puts into context what is and isn’t a privacy breach.

Recently, there’s been a lot of noise–started by a Wall St Journal article–about a supposed privacy breach by Facebook surrounding the misuse of user data by applications installed on the user’s page. But as Pegoraro relates, this information was all public anyway, much like a phone book displays your identity. Here’s what he says is the difference between what is and isn’t a breach:

Privacy breach: Exposes private information you tried to keep confidential, in ways that risk the loss of money or security or otherwise fairly earn the adjective ‘Orwellian.’”

NOT a privacy breach: Information about you that is already made public to users of a website, including the “basic parameters of people’s accounts:  their name, picture, gender and networks….”

The point is that we shouldn’t conflate the use (or misuse) of public information with the breach of private information. Doing so elevates a lesser offense at the expense of something that is much more serious.

But as much as I like the article, I also have a few quibbles. Pegoraro says that if users are still offended by Facebook, they should blame the site for its default settings and switch to a competitor. And while losing customers is the ultimate penalty for any business, he misses the point in a couple of ways. First, we want to encourage innovation in social media and information sharing, which means companies need the freedom to set and change default settings (I’ve blogged on this before). Second, instead of switching sites users can just adjust their privacy settings! This simple, less drastic measure wasn’t even mentioned.

  • Jim Harper

    Given the subjectivity of privacy, I wouldn’t limit privacy breach to events that “risk the loss of money or security,” much less the Orwellian thing (which I confess to not understanding).

    If I want to keep private that fact that I had a chicken sandwich, and if I took all the necessary steps to keep that private, but another’s actions wrongly exposed that information, that’s a privacy breach.

    Whether I should have any remedy for such a trivial breach is a separate question.

  • gcr

    Jim has a point. The breach here involved tying your identity to the actions you were doing on facebook. Like ordering a chicken sandwich. More generally, the invasion was in misusing your information. I guess if you want to get technical, it was a breach like an old fashioned breach — it violated a contract.

  • http://twitter.com/binarybits Timothy Lee

    Also, in some cases the “public” information is only public because Facebook unilaterally decided to start disclosing it after previously promising to keep it private.

Previous post:

Next post: