Facebook Gives Users More Control With New “Facebook Login”

Today at f8, Facebook announced a new version of “Facebook Login,” the system that allows Facebook users to log into third-party apps and sites with their Facebook account. The new Facebook Login has a number of new and improved privacy controls, which will be very helpful for users seeking to control the information that gets shared with these third-party apps.

First, the new Facebook Login offers Line-by-Line control, allowing users to pick and choose what information apps will be able to get from their Facebook profile. For example, if a user wants to share their email address with an app, but not their birthday, they can make that choice before using the app. The new Facebook Login will also prevent apps from posting to Facebook without permission.

Second, the new Facebook has a new feature called “Anonymous Login.” This feature does what its name suggests: it provides an easy way for people to log into an app without sharing any of their personal information from Facebook. Users can still log into third party apps using their Facebook credentials (obviating the need to remember additional usernames and passwords), but no personal information from their Facebook profile will be shared. People can decide later if they want to share any additional information, once they understand more about the app.

Third, Facebook is now providing users with a centralized App Control Panel. This dashboard will let users see a list of all the apps they use, manage specific permissions for each app, or remove apps entirely. The control panel as well as all the above features will be available on both desktop and mobile platforms.

“Facebook’s improvements to its Login system are a great addition that will give users even more control of how their information is shared with third parties,” said FPF Executive Director and Co-Chair Jules Polonetsky. “Studies have shown that some users have avoided using social log-ins because they weren’t sure what data would be shared. Facebook’s new changes should make users more comfortable using social logins.”

Press Release: EU-US Safe Harbor Essential To Leading European Companies

NEW FPF STUDY DOCUMENTS OVER 150 EUROPEAN COMPANIES PARTICIPATING IN THE US-EU SAFE HARBOR PROGRAM. FROM MAJOR EMPLOYERS SUCH AS ALCATEL LUCENT, ADIDAS, BMW, NOKIA TO FAST-GROWING START-UPS LIKE APP DEVELOPER MIND CANDY, EUROPEAN COMPANIES DEPEND ON EU-US AGREEMENT

_____________________________________________________________________________________

The Future of Privacy Forum has conducted a study of the US-EU Safe Harbor program run by the United States Department of Commerce and has documented that more than 150 European companies are active Safe Harbor participants.

Recently, some European policymakers have called for an end to the Safe Harbor program, while others have called for the program to be improved.  FPF believes that simply terminating the program would have negative consequences for data protection and for companies and consumers not only in the United States, but in Europe as well.  FPF has previously noted the consequences of termination for those European employees who rely on the Safe Harbor program for the processing of their human resources data.¹ FPF’s new study reveals that termination would adversely impact many leading European companies as well.  To date, 152² active Safe Harbor member companies are headquartered or co-headquartered in European countries.  These companies include some of Europe’s largest employers, across a wide range of industries and countries, including:

 

These and other participating European companies depend on the Safe Harbor program so that their US subsidiaries can effectively use data for research, to improve products, to pay employees and serve customers. These companies would therefore be severely burdened and disadvantaged by termination of the program.  FPF agrees with the need to improve the Safe Harbor in a number of key areas and has detailed these recommendations in a recently-released report.³  Given the importance of this mechanism to companies and consumers on both sides of the Atlantic, FPF recommends that the Safe Harbor arrangement be preserved and improved.

Methodology:

For the full list of European companies in the Safe Harbor program, or to schedule an interview with Christopher Wolf or Jules Polonetsky, email [email protected].

­_____________________________________________________________________________________

ABOUT FUTURE OF PRIVACY FORUM

Future of Privacy Forum (FPF) is a Washington, DC based think tank that seeks to advance responsible data practices. FPF is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes an advisory board comprised of leading figures from industry, academia, law and advocacy groups.



1 http://fpf.org/2013/12/20/the-libe-committee-wants-to-suspend-the-safe-harbor-along-with-thousands-of-eu-employee-salaries/

2 The survey does not include those global companies with EU offices and as a result is a conservative estimate of impacted European companies.

3 For a comprehensive list of FPF’s recommendations, see The US-EU Safe Harbor: An Analysis of the Framework’s Effectiveness in Protecting Personal Privacy, available at http://fpf.org/wp-content/uploads/FPF-Safe-Harbor-Report.pdf

The Need for Privacy and Technology in our Schools: Rethinking Privacy in Education

Last Thursday, Jules Polonetsky participated in a Congressional E-Learning Caucus Briefing on “Data Privacy in Education” on Capitol Hill. Moderating the discussion was Intel’s David Hoffman, who today summarized his thoughts on the event:

The demise of inBloom and many of the findings of the Pew research point to a need for continued dialogue on the issue of education privacy. . . . While transparency and parent engagement are critical, we need to supplement them with a better understanding of how organizations should use student data. We ask all of you to join us in that effort, and help us describe what ‘the appropriate and accountable’ use of data means in education.

His complete thoughts are available at Policy@Intel.

FPFcast: Can Intellectual Property Law Inform Privacy? A discussion with Eric Goldman

April 25, 2014: Can Intellectual Property law inform Privacy? A discussion with Eric Goldman

[audio

In this podcast, FPF Legal and Policy Joe Newman talks with Eric Goldman, Professor at Santa Clara University School of Law, Director of the High Tech Law Institute, and a new member of FPF’s Advisory Board. Professor Goldman discusses the problems that arise when trying to incorporate property law concepts within privacy debates.

It’s no surprise that personal information today is a hot commodity, bought and sold by thousands of entities daily. Companies like Covata and Personal tell consumers they can “Own their data,” suggesting that personal information be characterized as property. Goldman discusses the history of privacy thinking with respect to the idea of “data” as “property” and the general reluctance of privacy thinkers to export intellectual property law concepts to cover privacy. General cynicism about the effectiveness of IP law in the 1990s made many fear that once data was “propertized,” companies “would just find easier ways of grabbing that data,” at the expense of consumers. “People’s norms about property get really weird,” Goldman notes. “A lot of the time the label ‘property’ actually distorts the conversation in fundamental and often unhelpful ways.”

 

New Mobile Tracking Dos and Don’ts from Apple

We wrote in the past about how Apple was addressing privacy concerns about mobile tracking by restricting the identifiers that mobile developers can use to track devices. Apple announced in 2011 that developers moving forward would only be permitted to track an iOS device using Apple’s new Advertising Identifier (IDFA).  Despite the fact that this identifier was specifically labeled as for advertising purposes, some companies assumed it could be used for analytics as well.

However, in February, reports began to surface indicating that the App Store was rejecting new apps that used the IDFA for analytics but did not host ads. This raised the concern that analytics were not going to be allowed for any purpose.

In its new iTunes Connect module for developers, Apple explains how the IDFA can and cannot be used within apps distributed on the App Store.

Developers must now specifically indicate as part of their app submission to Apple whether they use the IDFA to serve ads within an app, as well as whether they attribute app installation or other actions within the app to a previously served advertisement. Thus, Apple is permitting the use of the IDFA for serving ads and tracking conversion events.  Other limited uses of the IDFA may yet be permissible, as Apple suggests that developers contact them if they believe they have another acceptable use for the identifier.

As we have mentioned before, The IDFA is subject to a user controlled privacy setting labeled “Limit Ad Tracking” and found within “Settings –> Privacy –> Advertising –> Limit Ad Tracking” in iOS 7 (in iOS 6, the setting is at “General –> About –> Advertising –> Limit Ad Tracking”).

The new language also clarifies that an application, as well as any third party that interfaces with the application, is subject to the new rules. More discussion of the new iTunes Connect module can be found at TechCrunch here.

Google Updates Developer Program Policies with New Rules for Ads

Google has recently updated its set of rules that developers must follow when distributing apps on the Google Play store. The updated rules are designed in part to guide developers in promoting their apps. The rules prohibit apps from promoting themselves through deceptive ads (for instance, by simulating a Google service or app notification), misleading install tactics or unsolicited SMS messages. Google has also expanded its restrictions on acceptable app behavior, curbing “erotic” content, links to malicious software and apps that alter a device’s browser settings or bookmarks.

Google’s new policy also increases transparency surrounding in-app purchases: “If your product description on Google Play refers to in-app features to which a specific or additional charge applies, your description must clearly notify users that payment is required to access those features.” These changes should help to boost confidence in the ever-expanding mobile app ecosystem.

Also, note that while not a new addition to the Policy, developers should be aware of the approaching August 1st deadline for moving app tracking based on the “Android ID” to the new “Android Advertising Identifier.” After the deadline, all apps may track using only the Advertising ID and may not link it to any persistent identifier such as a MAC address without the explicit consent of the user. For more information on Google’s developer policy, visit the Android Police site.