James Grimmelmann has an excellent post over at the Laboratorium. His summary:
Another member of a professorial mailing list I’m on asked whether Facebook may have violated the Video Privacy Protection Act of 1988. Nicknamed the “Bork Bill†(a newspaper published his video rental records during his confirmation hearings), the VPPA protects your privacy in the videos you rent and buy. Well, guess what? One of Facebook’s Beacon partners was Blockbuster, so some of the items that wound up in people’s news feeds were the names of videos they’d bought. Oops.
I dug a bit into the legalities of the issue, and this is roughly what I came up with: Facebook and Blockbuster should hunker down and prepare for the lawsuits. Their recent move to allowing a global opt-out may cut them off from accruing further liability, but there’s probably an overhang of damages facing them from their past mistakes.
As usual with James, it’s a very detailed analysis; the discussion is also excellent.
Looking specifically at Blockbuster’s liability, there’s an interesting parallel to my as-yet-unanswered question in the thread about Beacon’s announcement of a global opt-out about whether Beacon caused advertisers to violate their privacy policies. In the web 2.0 world, the dependencies between software components mean that service providers (Facebook in this case) can put their customers (Blockbuster) at legal risk. As Google, Yahoo, Microsoft, Amazon, eBay, Facebook et. al. compete, it will be a major advantage to whoever first seizes the high ground by providing services and platforms that are noticeably less risky. In addition to the classic considerations like security and ability to deliver on service level agreements (SLAs), this will increasingly include considerations like well-thought-out policies — and getting and listening to a broad range of perspectives, including from privacy advocates, before launching new services.
MikeA | 17-Dec-07 at 1:51 pm | Permalink
sorry Jon, but all this goes by the wayside while all of the advertisers (which we all know Facebook, Google, Yahoo, etc, are really) compete in who knows the most about their users and can push the best targeted ads. Companies will remember beacon pushing the boundary for a while, but soon forget (doubleclick cookies anyone?).
Seems our privacy is up for grabs on these sites (which I why I’ll never have a facebook account), all for pushing ads, which I really wonder at how effective they are anyway – they just anoy the hell out of me and I never click on them at all.
jon | 19-Dec-07 at 9:26 am | Permalink
Mike,
Specifically with Beacon, we shall see. As I said to Chris Treadaway when he made a similar suggestion a month ago, I think it’s also possible that this will be seen as an inflection point — for example by reinforcing the calls for a do not track list, and/or leading to legislation.
Because of MoveOn’s involvement, this has made it to the national political scene; while it’s too much to expect it to influence this year’s presidential race, I wouldn’t be surprised if more than a handful of populist [in the good sense!] politicians of both parties use “freedom from tracking” successfully as an issue in their campaigns. That in turn will get noticed; companies will have to react, and other opportunistic politicians will see opportunities.
And more generally, I don’t have a lot of patience with the “sorry, it’s hopeless” viewpoint you advance here. If you really do think that advertiser’s and web sites’ businesses above the law and consumer rights, then say so, and stop with the “sorry”.
On the other hand, if you care about privacy, then regarding the cause as futile is recipe for a failure. Instead consider it an open question; maybe the odds are against us, but it’s early days yet. What are you doing to help?
jon