German privacy concerns lead to a change of Facebook's controversial feature that allowed the social network to approach third parties that weren't even using Facebook. Privacy experts say it's still not enough.
Non-Facebook members can now block invites
Facebook has agreed to alter its controversial Friend Finder program after Hamburg's privacy commissioner, Johannes Caspar, began pushing for fine proceedings six months ago.
The Friend Finder feature allows users to input e-mail addresses to the site, and then Facebook invites them to the network.
As of Monday, Facebook, which has over 10 million members in Germany, now gives its users more control over how the site uses their private address collection and approached non-users can block Facebook's e-mail altogether.
"It's crucial that non-users now have a veto," said Caspar, in a Deutsche Welle interview. "A lot of people were actually concerned once they received e-mails and they were wondering how Facebook knew about their friendships and acquaintances."
Facebook users now can choose the e-mail addresses that should receive an invitation to the social network. Prior to the change, the California company had sent out invitations to all contacts in a user's address list.
A spokesperson for Facebook was not able to comment on whether the new Friend Finder alterations would be valid for Germany only or if the social network would extend its changes to other parts of the world as well.
"We are very pleased that we have reached an agreement with Hamburg's data protection officer regarding the concerns over the Friend Finder, and we are looking forward to continuing these constructive discussions and dialogue," the spokesperson wrote in an e-mail sent to Deutsche Welle.
Alterations won't change much, privacy experts say
Facebook is "light-years" away from adequate regulations, privacy experts say
However, some privacy experts are unmoved by Facebook's change in policy.
Thomas Hoeren, a professor at the Institute for Information, Telecommunication and Media Law at the University of Muenster told Deutsche Welle that the recent changes won't be enough.
"It's still not perfect, but it's certainly an improvement to previous regulations. But I doubt that the alterations will solve the problem," he said.
"Rights of third parties are affected and Facebook can't shift its responsibilities onto others. If Facebook provides such an infrastructure, that's a contributory infringement and Facebook can't just pass that on to the user."
This view is echoed by Viktor Mayer-Schönberger, a professor of Internet governance and regulation at the Oxford Internet Institute in the United Kingdom.
"It's a step in the right direction, but Facebook is light-years away from adequate regulations for data protection and privacy in terms of European regulations," he told Deutsche Welle.
"As a user one still does not have complete control. In fact, by default Facebook is in control. But this is no longer sufficient for a lot of people. Startups such as Diaspora or MyCube allow users to be much more in control as they can decide more easily and precisely what, with whom and how long they want to share certain things online."
Pressure mounting from users and authorities
The new Facebook policy took effect on Monday
Facebook, on the other hand, only responds when there is a lot of pressure from users and regulatory authorities, Mayer-Schönberger added.
As non-users now have the possibility to opt-out from being solicited by Facebook, many ask: why do they have to?
Caspar, the Hamburg privacy official, is well aware of current limitiations.
"The opt-out principle provokes the question: 'Why do third parties have to approach the companies?'" he said. "This had been the case with Google as well. This is a problem, but we have to see what is doable and what is not."
According to Hoeren, a total opt-in approach would be the best solution.
"It would allow Facebook to only use data that I, the user, have submitted about myself."
Still, Caspar has come a long way - previously, Facebook had argued that only American law applied as long as user's data was only being processed in California.
"We can't keep Facebook from using data from third parties altogether," he said. "If one would consequently exclude data from third parties, then pictures with non-users wouldn't be allowed at all."
Author: Sarah Steffen
Editor: Cyrus Farivar