Evidence of meeting #57 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.)


3:30 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

I call the meeting to order.

Pursuant to the orders of the day, we are continuing our study on privacy and social media, which we started several months ago.

Today, we are privileged to have a witness representing Facebook. As usual, there will be a 10-minute presentation, then a period when the witness can be asked questions.

Without further delay, I will give the floor to Robert Sherman.

The floor is yours, Mr. Sherman.

3:30 p.m.

Robert Sherman Manager, Privacy and Public Policy, Facebook, Inc.

Mr. Chair, committee members, my name is Rob Sherman, and I am Facebook's manager of privacy and public policy. Thank you for giving me the opportunity to speak to you about Facebook's commitment with respect to protecting personal information.

I will address the committee today in English.

At Facebook our mission is to make the world more open and connected. We're committed to providing an innovative, industry-leading service, helping people to connect and share with each other online. We're equally committed to providing privacy tools that enable people to control the information they share and the connections they make through our platform. The trust of our users is fundamentally important to us at Facebook.

Thanks to the transformative effects of social technology, people can enjoy constant connectivity, personalized content, and interactive social experiences across a range of devices. On Facebook, for example, people have a highly individualized experience that's based on information that their own unique circle of friends has shared. Canada, with 18 million monthly active users, is among the most engaged Facebook populations in the world. Four of five Internet users in Canada are on Facebook.

The growth of this interactive social web has brought tremendous social and economic benefits to society, and we're heartened to see the growing use of Facebook in Canada. Members of Parliament use Facebook to reach their constituents, and small businesses in Canada increasingly are relying on Facebook and other social media to generate exposure for their companies, increase sales, and obtain new business partnerships.

As an example, Shopify, an Ottawa-based e-commerce software company, has seen a 31% increase in referral traffic coming from Facebook since June of this year. The online retailer eLUXE increased newsletter subscriptions 37%, again on Facebook.

Facebook provides a platform for thousands of active developers in Canada to build applications, products, and games. Through our preferred marketing developer program, Facebook offers support and resources to Canadian companies that are building these products and these companies in turn are able to provide highly skilled jobs in technology and generate millions of dollars in revenue in Canada.

While economic development and social engagements are critical benefits of the Facebook service, we believe trust is the foundation of the social web. People will only feel comfortable sharing online if they have control over who will see their information and if they have confidence in the people who will receive it. Facebook builds trust first and foremost through the products and services that we provide.

We realize that people have different approaches to sharing information on our service. For example, some people want to share everything with everyone. Some people want to share very little with a small audience, and most people are somewhere in between.

So a one-size-fits-all approach to privacy would never satisfy every person's expectations. Instead, we strive to create tools and controls that help people understand how sharing works on Facebook, so they can choose how broadly or narrowly they wish to share their information. A key focus of our business is our commitment to basic principles of transparency and control.

I want to highlight our work in these areas and provide an overview of the steps we've taken to demonstrate our accountability. With respect to transparency, our goal is to be transparent and open with our users about how their data may be used. We recognize that long and complex privacy policies can make it difficult for people to understand how their information is being used, but we also believe it's important to provide people with specific and concrete information about our data management practices. For these reasons, we designed our data use policy to be both easy to understand and comprehensive. The policy, which is accessible from almost every page on our website, describes in plain language our data use practices and includes a straightforward guide to privacy on Facebook.

We use a layered approach, summarizing our practices on the front page, and then allowing people to click through the policy for more details. Content is organized by topic, which lets people find exactly what they're looking for quickly and easily. People who want to read the entire policy on one page can do that as well. If they have questions about specific issues, they can find an answer by conducting a search within our help centre.

We wanted to provide the information people want to know in the way they want to receive it, so we designed Facebook's data use policy based on feedback from users, regulators, and other stakeholders. When we announce proposed changes to our data use policy or our statement of rights and responsibilities, we give people the ability to comment on changes before they take effect. Our choice to give users a significant role in how Facebook operates, and to seek their input before we make these policy changes, reflects a leading best practice in our industry.

With regard to control, in addition to our commitment to transparency, we continue to find new and innovative ways to build individual control into the user experience. Over the past year and a half, for example, we've launched more than 20 new privacy-enhancing tools that empower people to control their information. Whenever people post on Facebook, our inline audience selector enables them to determine the audience with whom the post will be shared. Importantly, these controls are available at the exact moment and in the exact context in which the person is making a decision about his or her data. In other words, if I post a picture of my family on Facebook, I can decide then and there who will see that photo.

Facebook's activity log allows people to see all their posts in one place. They can review privacy decisions they've made, change the audience for their posts, and delete posts altogether. We also inform people when someone else has identified them in a post. This is a process we call “tagging”.

Tagging is an innovative privacy-enhancing technology, giving people control over information that's shared about them on Facebook. If people don't like a post they're tagged in, they can take action. For example, they can remove the tag, report it to Facebook, or send a message directly to the person who posted it. We're proud to give users this control, because we value their privacy and their trust.

In November we launched more prominent and detailed privacy information, presented to new users during the sign-up process on Facebook.

Another tool we offer is “download your information”, a place where people can download an archive of information associated with their Facebook accounts, including photos, posts, and messages. This tool makes it easy for people to take their information with them if they want to use it elsewhere.

Finally, we offer an application dashboard so people can review the specific kinds of information each application can access on Facebook and make choices about what access apps should have to their Facebook accounts going forward.

Transparency and control don't effectively promote trust unless we're accountable to our users and to our regulators for honouring the commitments that we make. To that end, we implemented a comprehensive privacy program that incorporates privacy by design. This program involves a broad cross-functional privacy review of products at all stages of development and before they're released.

The Irish Data Protection Commissioner recently completed a comprehensive audit of Facebook's privacy practices and indicated that he “found a positive approach and commitment on the part of Facebook to respecting the privacy rights of its users”. The audit report described Facebook practices in detail, and summarized additional ways we're working to improve privacy protections that we offer.

Following guidance from the Federal Trade Commission, we've established a biennial independent audit to ensure we're living up to our privacy commitments.

Finally, a word about family safety. As we work each day to earn the trust of our users, we recognize that we must focus our efforts on the interests of the entire Facebook community, including the teens who use our service. To properly educate and engage young people on how to safely use the Internet, communication between parents, teachers, and teens is vital. To facilitate this conversation, we provide resources on security awareness and online safety. Our family safety centre, for example, contains specific content for parents, teens, educators, and law enforcement. A Facebook safety page provides dynamic safety content that people can import directly into their newsfeeds. We've also established a safety advisory board, an expert organization with many internationally recognized safety experts who provide us with advice on products and policy.

In Canada, Facebook has taken the initiative to address local safety issues. During bullying awareness week, for example, we partnered with Canadian non-profits to launch the “Be Bold: Stop Bullying” campaign. This campaign centres around an interactive social pledge app and a resource centre that contains educational materials on bullying prevention.

Facebook is always striving to develop better tools to keep and build the trust of those who use our services. We look forward to continuing our dialogue with the special committee, the privacy commissioner, Parliament, and other stakeholders about how government and industry can work together to best promote economic development in Canada while protecting the privacy of Canadians.

Thank you again for the opportunity to testify today.

3:40 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you for your presentation and for making yourself available to us.

Ms. Borg…

3:40 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Angus will start.

3:40 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Mr. Angus, you have seven minutes.

3:40 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Thank you, Mr. Chair.

Thank you very much for coming. I'm very pleased to have Facebook's participation in this study. Clearly Facebook has become the centre for social media around the world, certainly here in Canada. I can say as a heavy Facebook user—my wife would probably say addict—it has transformed how I do business in a riding bigger than Great Britain. It's allowed us to communicate with people. It's allowed us to hear stuff that's happening on the ground. It's allowed us to build communities. So we're fascinated by the work Facebook does.

I'm interested in the word you used from the beginning, “trust”. When I talk with students, they're all heavy Facebook users, but the sense of trust is something they're concerned about. The issue of privacy they see as being very important.

I'm seeing now, all across Facebook, people posting their own personal copyright statements, because they're afraid that, the way they read Facebook's guidelines, Facebook owns their property, not them. Is it necessary for people to post their own copyright provisions?

3:40 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

Sir, first I should say thank you for your interest in Facebook and for your use of our community. We appreciate it when people are engaged with our service and use it to communicate.

As you note, we have recently seen a number of people posting comments on their Facebook timelines that say essentially, “I don't want Facebook to own my content”. The concern is that if you don't post this statement on your timeline, then Facebook will own your content.

That's not true. We say in our data use policy that the users who post content own it. They give us a limited right to use it in connection with Facebook, while it's on Facebook, but they own the content and they have privacy settings that control how it's used.

We've tried to engage, over the past day or so when this has come up, in communications with our users in a number of different ways, to help them understand that this is the case and isn't something they have to worry about.

For example, we have a Facebook and privacy page where we've posted some information about this and a link to our policy so that people can read the statement for themselves. We have a fact-check section that we've launched on our website, so where there are rumours that people want to know more about they can go to that place and find it. Obviously, we've talked to the media as well. We hope that people will feel comfortable sharing on Facebook.

3:40 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Thank you.

Facebook has a number of services, but on the page there's the wall, where people post comments and post their pictures. Then there's Facebook messages, where people make comments to each other or pass information.

Many people actually don't use the Net. They just go onto Facebook, using Facebook messages as an e-mail service. How secure is that data? Or is that just information like all the other information?

3:40 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

We take all of the data that's stored on Facebook incredibly seriously. We have a dedicated team of professionals working to promote and protect the security of all data that our users store.

In that regard, we treat Facebook messages the same way we treat other data. We protect it; it's stored in dedicated data centres that have access controls, procedural controls, to prevent people from getting access to them.

While nothing is entirely secure on the Internet, we hope that people feel very confident in communicating on the platform.

3:40 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Well, here's the thing. My 14-year-old daughter told me, when I was home last time—I can't even remember when I get home any more—that her private messages appeared on her wall.

I'd find that pretty shocking. It seemed to me quite a data breach that what was passed between friends....

I asked around, and I had other people confirm the same thing. This was from people who were much older, people who actually said they had to go in and delete their messages.

How is it possible that this kind of data breach occurred, that private messages were posted in public for anyone to see?

3:40 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

The issue you raise is an incredibly important one. When we first heard about it, we took it very seriously. We had a dedicated team of staff look into the issue.

What we concluded was that no private messages were being posted publicly—

3:40 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Well, I just told you that my 14-year-old daughter went on and had to take them off, and other adults I talked to told me the same thing happened to them. So it did happen.

3:40 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

Maybe it would be worth talking after the hearing. We could get some more information on those specific instances. If that did happen, we certainly don't want it to happen. We want to do what we need to do to stop it.

With regard to the situations that we investigated—and we investigated all of the situations brought to our attention—we found that these were older public messages, where people had communicated before they were using private messages separately. So these were just where people had communicated back and forth on each other's walls—this was being shown in “timeline”—but they weren't private messages. We were able to confirm in a number of different ways that this was the case.

But if you think your particular situation is different from that, we should certainly follow up on it.

3:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Yes, certainly, because it would seem to me pretty surprising that you did an investigation and didn't find this. I had adults tell me they were called by their friends, who said “You better get on your timeline, because right in your timeline are private messages that you and I sent to each other as private messages. Now they're appearing on a public face.” It seems to me that would be a major data breach.

I'm glad you tell me that it didn't happen, but when people tell me to my face that it did happen to them, and that they had to go back and find those private messages and remove them, it seems to me that the private message line isn't that secure and there needs to be a discussion about this.

3:45 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

I agree, and certainly we've spent a lot of time thinking about it. If these things happen, I agree with you, it's a very serious issue, and it's something that we need to take steps to look at.

Just technologically, the way Facebook operates is that the private messages and the timeline are on different systems, so it actually would take a fair amount of work for us to integrate them. That is one other reason why we have some confidence that this hasn't happened. But again, we want to be exhaustive in making sure this hasn't happened. We can follow up and make sure that we've looked into this upsetting situation.

3:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

I look forward to following that up with you.

I know that police and authorities will sometimes go to Google, Twitter, or Facebook, because there's all kinds of stuff happening on there, to ask for information to be handed over.

Do you do transparency reports, like Google or Twitter, to say how many requests there are in a given...? How do you deal with law enforcement?

3:45 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

As you point out, there are law enforcement agencies that do seek to get access to information on Facebook. We try to be, one, incredibly protective of our users in a way that balances the needs for law enforcement to conduct legitimate investigations against users' privacy; and two, transparent with our users with regard to the policies we use when responding to those requests.

3:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Do you have transparency reports? In the case of cyber-bullying or cyber-threats, the police are going to have to go to you. You're going to have to be able to get that information. It's the only way to deal with it.

Google has told us that they have transparency reports. Do you have those kinds of reports?

3:45 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

We don't publish transparency reports in the same way that Google does. We publish our law enforcement guidelines on the web. Anybody, whether a law enforcement officer, a citizen, or a user of Facebook, can take a look at what standards we use to decide on responding to law enforcement requests, and what circumstances we'll disclose, and what circumstances we won't. We hope that people will feel comfortable in terms of understanding that they know the process we use to make those judgments.

3:45 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you, Mr. Angus. Your time is up.

Mr. Dreeshen now has the floor for seven minutes.

3:45 p.m.

Conservative

Earl Dreeshen Conservative Red Deer, AB

Thank you very much, Mr. Chair.

Thank you very much, Mr. Sherman, for being here today.

As the largest social media site in the world, certainly Facebook's willingness to come here today and take part in our study is something that's commendable and certainly of interest to all of us who use Facebook.

I'd like to start by commenting on your statement of rights and responsibilities and your data user policy. My comment is that Facebook, as I say, deserves some recognition here, because these two documents are actually written in plain language and they don't read like most of the terms of use documents do. We've had an opportunity to go through a lot of different types of businesses to see what they have there for the customer to look at, so I think that's significant. If people haven't taken the time to read through them, I think they should, and they shouldn't be intimidated and expect some legal document that's going to be confusing to them. That's certainly not what they are.

I do have a specific question about the data use agreement. Under the section “Other information we receive about you”, it says that Facebook collects data about the activities of you as a user “whenever you interact with Facebook, such as when you look at another person's timeline, send or receive a message, search for a friend or a Page, click on, view or otherwise interact with things”, and so on.

My question is what does Facebook use the data for? Is it stored indefinitely? For example, a user's list of all the names that they've ever searched for on Facebook, or all of the pages they've viewed: what is this used for, and is it stored indefinitely?

There’s another point I want to ask about. So often when they look at this people have the idea that what they are using is free. I mean, you don't have the value of the company that you have where everything is free; I'm just wondering if you can give us a little bit of a concept of what your business model is as well so that people can put the two thoughts together.

3:50 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

I appreciate your comments with regard to the data use policy and the statement of rights and responsibilities. We take very seriously the obligation to be transparent with our users. We try to present information about our data use practices in a number of different ways that are easy for people to understand. So I'm glad to hear you've found that the data use policy falls into that category.

The provision of the data use policy that you mentioned talks about the information we receive. Largely this is consistent with the way most websites on the Internet operate. Whenever you click on something on Facebook, whenever you interact with something, your Web browser sends a message to Facebook that says, send me back this information. So we keep records of those interactions. Those are retained on an ongoing basis. We have, for different kinds of information, different retention periods, so in some cases information will roll off, and by “roll off” I mean either be deleted entirely or be rendered anonymous by removing personal identifiers on a rolling basis, typically every 90 days for social plug-in impressions, for example. With regard to other data, there are different retention periods.

You mentioned search information specifically. When people search on Facebook, we collect that information, as I've said. We store it in an activity log, which is one of the tools I've talked about. That allows you to go back and look at all the things you've searched for. You can delete those any time just by clicking the delete button that appears next to each search. The goal there is, again, to be transparent with people about the information we have. That information is used right now to improve the service so we can make our search functionality better by knowing what people are searching for and what they're clicking on. Those are the main purposes for which we use that information. There are also our technical, debugging kinds of uses as well.

You also raised a second question with regard to our business model and how Facebook makes money. I think it's an important point that we try to stress to our users and to make sure people understand. The main Facebook business model is we operate Facebook and offer it for free to users who want to use it. In exchange, we pay for it by showing advertising on Facebook. We have a page called “Ads on Facebook” that provides information about how this works. In general, when you post information on Facebook, for example, information about your interests, you like a page that is relating to a particular topic, that's information we might use to decide which ads to show you.

Advertisers will come to us and will say I'd like to show this ad to people who are interested in a particular topic. We'll show the advertising to the users. Obviously we don't provide individual information back to the advertiser about who's seeing the ad, but we'll provide general information that a certain number of people have seen the ad. That way we hope we give people control over the information they've given to us, but that we also are able to use that information to show them advertising that's more relevant to them than what they otherwise would receive.

3:50 p.m.

Conservative

Earl Dreeshen Conservative Red Deer, AB

I think that's important, because we hear that if the advertisers are in there they have access and they know about an individual. That's a critical aspect of this. It's just an opportunity to get ads out to people, so that these products will be front of mind and so on, which I think is significant.

I would also like to talk about the default settings. What is the reasoning behind Facebook's default settings being wide open, or public, on virtually all of the Facebook features, requiring the user to restrict all aspects of their account as they wish, rather than having the default setting set to friends only?

3:50 p.m.

Manager, Privacy and Public Policy, Facebook, Inc.

Robert Sherman

With regard to the settings on Facebook, we try to be very clear with people about the way that settings work. A centrepiece of the way in which our service operates is what we call “inline” privacy controls. That means if you put a piece of information on your timeline, right next to it you'll have a button that will allow you to choose who will be able to see that information. In some cases, the default, meaning the setting that it's at when you first create your Facebook account, is public. Then, too, there are other situations where it might be something other than that.

In general, our view is that providing information publicly helps people to communicate and connect. We think there's real value in enabling people to share. When you look at other social services on the Internet, you see that many of them are generally public by default. We think encouraging people to engage in a public discussion is helpful and promotes our community.

That said, we think it's also important for people to make their own decisions about what information they want to share and with whom, which is why we see a lot of use of that setting. We see people who choose to share their information with friends, or with a more narrow group in some cases. Some people choose to post things to “only me”, which is the setting we use to suggest that only you will receive that information. You can remember it for later and have access to it, but it won't be shared with other users on Facebook.

We think providing a platform that enables social integration but that also empowers people to make their own choices is the right approach.

3:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you. Unfortunately, your time is up.

Mr. Andrews now has the floor for seven minutes.