05/17/2012 12:13 pm ET Updated Jul 17, 2012

Facebook: Before You Buy

By Meg Roggensack and Marshall Thompson
Business and Human Rights

What investors should know ahead of Facebook's IPO. View PDF Version»
  • Much of Facebook's IPO projected income depends on entry into China, a nation that is hostile to privacy and free expression. 

    But what is Facebook's plan for staying in China? Google quit China after determining that dealing with authorities undermined its brand and put its trade secrets at risk. China, like other oppressive countries, is hostile to privacy and free expression. To operate in China, Facebook would likely have to partner with search engine giant Baidu, which already complies with China's censorship regime, the Great Firewall.Censorship is standard operating procedure in China; that's the cost of doing business there. But the Chinese government is likely to demand more than just compliance with the Great Firewall. If it asks Facebook for information about activists -- which it could easily do under its overly broad state secrets law -- would Facebook provide it?

    There are undoubtedly some things Facebook would refuse to do under government pressure. Where and how will it draw those lines? Does Facebook have policies to guide such decisions? Will it make them public? An ad hoc policy whereby it responds to government demands on a case-by-case basis is insufficient. Facebook should establish clear policies to guide its actions as it responds both to the demands of governments and the needs of users. And it should make them public so that the outside world can evaluate its actions according to Facebook's own standards.

    Potential investors should understand the business risks companies like Facebook take on when they fail to protect the rights of users. If Facebook is serious about being the industry leader on privacy, it should use its mega-IPO to tell the world what that means by including an explicit human rights section in its written privacy policy.

  • Facebook's privacy policies have come under fire for lack of transparency. 

    Concerns about privacy issues deter potential users. According to a recent survey, 21% of people who don't use Facebook named privacy concerns as the number one reason. The Federal Trade Commission recently ordered Facebook to be clearer with users about its privacy policies and to undergo regular independent review. The FTC review follows similar ones in Canada, Sweden, Ireland, the UK and Germany. Taken together, they establish that Facebook's privacy policies are prohibitively confusing, make it difficult for users to protect personal information, expose to disclosure information users believe is private, and are changed without adequate warning or consent from users.Facebook's privacy policies distinguish between what it calls "your information," which includes registration information and information users post about themselves, and "information" about you, which includes the vast amount of data that Facebook collects about users. The FTC order requires Facebook to make disclosures and obtain affirmative consent before sharing "your information" with third parties, but doesn't restrict sharing "information" about you. In addition, Facebook's settlement with the FTC also requires it to clearly and prominently disclose to users specifically how and when their information is used, maintain a comprehensive privacy program to address existing and foreseeable issues, and submit to a privacy policy assessment by a qualified independent assessor every two years for 20 years.

    Access to some of Facebook's privacy settings, however, remains needlessly difficult and opting out of some policies can require users to take multiple steps.

    Facebook has proposed changes to its privacy policy that make it clearer what information users can and cannot control. Facebook is currently taking user comments on the changes through its governance page and will finalize the updates on May 18, the same day as the IPO. A document with the proposed changes can be found here.

  • The Global Network Initiative provides assurance that companies are taking steps to address these challenges.The Global Network Initiative (GNI) is a multi-stakeholder organization that protects online freedom and privacy in the face of government pressure on companies. Company members of GNI incorporate its guidelines into their policies and practices and undergo independent assessments of their efforts. In addition, GNI members work collaboratively to identify and address emerging threats stemming from government practices and policies that might limit or degrade online services.

    Human Rights First hopes that Facebook will use its time as an observer of the GNI to prepare to become a full member and adopt the corresponding obligations including implementing GNI principles and committing to accountability. This would address ongoing concerns about Facebook's commitment to online privacy and free expression.