Zuckerberg On Who Owns User Data On Facebook: It's Complicated

When Facebook recently changed its terms of service to no longer allow users to delete their data when they leave the service, it justifiably created an uproar. Just what is Facebook planning to do with this data, and isn’t it mine to delete if I wish. In a blog post, Facebook CEO Mark Zuckerberg tries to calm everyone down.

Essentially, he says that the issues are not so cut and dry. When you share your data with someone else, whether it be an email or a photo, it becomes their data as well. You cannot normally rescind data you share with other people in an e-mail. So why should a social network be any different? Zuckerberg explains:

Our philosophy is that people own their information and control who they share it with. . . . One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message. We think this is the right way for Facebook to work, and it is consistent with how other services like email work. One of the reasons we updated our terms was to make this more clear.

In reality, we wouldn’t share your information in a way you wouldn’t want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. . . .

Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.

Zuckerberg is saying, “Trust us.” But it is difficult to trust a company that is stripping users of rights they’ve become accustomed to, even if hardly any of them ever actually asserted those rights in practice. And the principle that you should be able to delete your data from the Facebook service is one that many would argue trumps the good that is done by letting Facebook keep it. If I upload a picture which I later regret uploading, why shouldn’t I be able to erase it from Facebook forever, even if some of my friends have already seen it? And should there be different rules for different media? Most people consider the messages in their inbox to be theirs, even if the sender wishes they’d never sent it? And as this data is shared beyond Facebook across the Web, who controls what becomes even harder to determine.

Like Zuckerberg says, it’s complicated.