As Facebook begins testing greater and greater publicity, with user controls, the EU begins demanding more and more of social networks’ privacy policies—or, that’s what we think their vague regulations are trying to do, anyway.
There are several specific policies that social networks such as MySpace and Facebook, which both have large European audiences, will have to comply with: automatically setting users’ privacy to the highest level (giving users the option to opt out of that extreme level of privacy), allowing users to limit the data shared with third parties (including advertisers and applications), and limiting the use of “sensitive information,” including race, religion and political views, in behavioral targeting.
However, many of the regulations, like most laws, are constructed broadly. While broad language in laws avoids the problem of overspecificity, sometimes it becomes difficult for constituents to follow the law. I mean, do you want to define exactly what “legitimate purposes” a network must have to collect personal information?
On the other hand, how could the EU specifically name all the legitimate purposes for collecting data within its regulation? Is targeting birthday-centered promotions from advertisers a “legitimate purpose”? Is enabling your friends to send you virtual birthday gifts “illegitimate”?
What do you think? How can Facebook balance its users’ (and its own legal) need for privacy with its inherent purpose—friending everyone you’ve ever known since elementary school?