The Facebook DC Talks LIVE page streamed a discussion that lasted over half an hour of questions and answers between three Facebook employees: Sarah Feinberg, Director of Policy Communications and host of the conversation, Katherine Tassi, Head of Data Protection at Facebook Ireland, and Rob Sherman, Manager of Privacy and Public Policy.
Earlier this week, Facebook, the world’s largest social networking company with almost one billion users, lunged into the hot seat when it proposed changes on users’ privacy rights and abolished the right to vote on future changes to its privacy policies.
Privacy groups aired their frustrations and requested Facebook CEO Mark Zuckerberg to reconsider, but Tassi and Sherman begged to differ and defended Facebook’s decision.
In the discussion’s offset, Feinberg explained the company gathered them to discuss the proposed update on its governing documents for data use policy and Statement of Rights and Responsibilities (SRR).
Sherman said most online firms would not give users access to join such discussions. He added, “We want our site governance process to be interactive. We’ve tried to have this be a dialogue.”
He said the voting mechanism for users provided neither the best nor the specific feedbacks. The proposed changes, he added, will give more substantial feedbacks and will provide people a way of giving meaningful facts. He said Facebook will combine this substantial feedback with expert advice and deliver the best answer.
Tassi, who leads the team responsible for Facebook’s user data protection outside of the U.S. and Canada, said the firm will assure all locations are covered by its data protection rules. She said Facebook users only have until Monday to vote on changes.
From here onwards, the conversation addressed concerns from Facebook users who sent their queries. For example, Sherman managed to pitch in one issue how users should take advantage of Timeline controls to limit exposure, while Tassi pointed out a working relationship between Facebook and the Irish Data Protection Agency.
Facebook said the privacy voting system is user-friendly. It asks users to choose between existing or revised options, and the firm urges users to share the voting experience with Facebook friends.
For those who are more into reading (or are reading this from a mobile device), we tried hard to write down the whole conversation as accurately as possible.
Live Webcast Members:
SARAH FEINBERG – Director of Policy Communications at Facebook
KATHERINE TASSI – Head of Data Protection at Facebook Ireland
ROB SHERMAN – Manager of Privacy and Public Policy at Facebook
FEINBERG: We are having a live webcast to talk to users and take questions from users about the proposed updates to our data use policy and our statement of rights and responsibilities. Now, as most people who are joining us know, these are the two documents that govern our site. And so I’m going to talk a little bit about what I’m going to do today, and then I’ll introduce our guests.
First of all, I want to introduce myself. I’m Sarah Feinberg. I’m the director of policy communications at Facebook.
Today, we’re going to take a lot of user questions about the proposed changes to the data use policy. If you’re joining us live, all you have to do is click on the green “Talk to Us” button, and you’ll be able to submit a question.
I also want to introduce my guests today. We’ve got Katherine Tassi, who is from the Facebook privacy team, and Rob Sherman, who is from the Facebook privacy team. I’ll let them introduce themselves and tell them a little bit about themselves.
TASSI: Thanks, Sarah. I’m Katherine Tassi. I’m the head of data protection for Facebook Ireland, which is Facebook’s European headquarters. Facebook Ireland is responsible for bringing all the Facebook services to all non-North American users.
SHERMAN: I’m Rob Sherman. I’m the manager on the Facebook privacy team. I work closely with our chief privacy officer and with our product teams in building Facebook in a way that protects our users’ privacy.
FEINBERG: OK. Two Facebook privacy experts here, governing all Facebook users and their data. Thank you for joining us in the studio, and we will go ahead and get to user questions.
So first of all, a lot of user questions that have come in seems to focus on how and why Facebook is changing the site governance process, so I think we should address this. For example, [Kareem?] in Australia asks us what our plans are for the future around us. Rob, do you want to address that?
SHERMAN: Sure, Sarah. So, I think the thing to know about this is that we really want our site governance process to be interactive and substantive to get meaningful feedback from our users about the decisions that we’re proposing.
What we’ve tried to do I think, as what most people know, there aren’t a lot of sites on the Internet that propose changes and get comments from their users, or, for that matter, that put their comment…their changes out for a vote. What we’ve tried to do is to have this be a dialogue where we’re actually doing better based on the feedback that we get from the people who use our site.
What we found with the existing process is that, instead of getting substantive specific feedbacks things that we could actually improve on, some people were submitting comments that weren’t actually giving us specific feedback to get to the number of votes – the number of comments that would trigger our vote. What we want to do is give people a way of providing us with meaningful feedback so that we can actually have that discussion and we can do better.
I think, in this process that we’re in now, I think that’s one thing that you’ve seen: that we proposed some changes and we got comments in a couple of areas where people had questions about what we’re proposing, or what the motivation was behind the fickle change. I think we’ve tried to address those, and that would be the model for how we would move forward in the future.
In terms of what specifically the future holds, I think this Facebook Live is one thing that we’d like to do to have a better dialogue. We’d like to take questions from our users and make sure that we’re being responsive. We’ve already announced that our chief privacy officer, Erin Egan, is going to be doing a Q&A session. Through the Q&A column, and on a regular basis, people can send in questions and she’ll answer them. We’re also looking for other feedback just from other people about what the right way to do this is, and how we can better increase the substantive dialogue that we have on our site governance issues. We’re talking with experts in the field to understand what are ways that we can do this. I think our process already is pretty unique on the Internet, and we want to make the most of it that we can.
FEINBERG: Got it. So that’s a live-grade information about what we’re going to do going forward. On the crust of this issue, your basic point is we’re trying to introduce a way to get substantive feedback from our users as opposed to the quality of comments.
We’ve got a question…Susan from Georgia. She writes, “You mentioned Facebook, Inc. and Facebook Ireland in your blog post explaining the changes. Can you explain what each does?”
Katherine, that’s probably a great question for you.
TASSI: Sure. As I mentioned just a little while ago, I work on data protection for Facebook Ireland, which is our European – and really our outside of the United States headquarters. Facebook Ireland is responsible for bringing the Facebook services to all of our Facebook users outside of the United States and Canada, which means that Facebook Ireland is involved in the decision-making and policymaking with respect to what Facebook can do with its users’ data, how Facebook protects its user data, etc.
Facebook, Inc. is the U.S. headquarters of Facebook. Facebook, Inc. is responsible for bringing the Facebook service to the users in the United States and Canada.
Since we have a global service, Facebook Ireland and Facebook, Inc., the sort of world headquarters and U.S. headquarters, work together to ensure that the products that are developed by Facebook and brought to Facebook users comply with European data protection law, U.S. law and Canadian law.
FEINBERG: Got it. Omar from New York asks, “One of your proposed changes was adding language about how people can control the information they post. For example, what’s on their Timeline. Can you explain this change and tell me how people can control who sees what they post?” This is a great question. Something you get a lot, Rob. You’re probably the perfect person to answer this question.
SHERMAN: Sure. We have language already in our data use policy that explains how this control works. What we propose to do is to add some more tips that provide some more contacts and information for people. The main thing to know about this is that we have privacy settings that apply to specific things that you post. When you post, there’s an icon in a word like “Public” or “Friends” that appears next to the post button. That’s the main thing that you want to pay attention to. If I’m posting a picture of my family and I only go to friends, I just make sure that that indication says “Friends” before I click Post. That’s my way of controlling who can see it.
We also have something called the “Timeline visibility control”, which is different from that, and that is more of a cosmetic control that lets you choose – there may be things you want to be visible on Facebook. In other ways, for example, in search results for news feeds or in relationship pages but you may not want to show in your Timeline. The Timeline visibility control allows you to hide something from your Timeline but allow to show up in other places. Of course, the last control that you have is that you can delete information that you’ve posted entirely.
FEINBERG: Got it. A lot of controls there. [Sima?] from the UK asks, “You talk about working closely with your regulators, including the Irish DPC. How does that work and what do they regulate?” Katherine?
TASSI: The Irish Data Protection Commissioner regulates Facebook Ireland, and Facebook Ireland works closely with the Protection Commissioner to ensure that we are complying with Irish data protection law. We consult with the Irish Data Protection Commissioner on a regular basis, including during this comment period for the data use policy, to both give the commissioner information before we do something and also to get guidance to ensure that what we’re doing is keeping with the Irish data protection law.
FEINBERG: Makes sense. Bridget from Illinois asks, “About the addition of language on the data use policy about sharing information with affiliates (This is something we’ve heard a lot about in the last few days. Katherine, you’re probably a great person to answer this question). Can you tell us more about what this means – the sharing of information with affiliates?”
That’s the same with Facebook. For example, we’ve got Facebook, Inc., we’ve got Facebook Ireland, as I’ve mentioned. We’ve have other European affiliates as well.
That provision is really just explaining that, in order to provide the services efficiently and effectively, it requires some sharing of information between affiliates. For example, the sharing that we have to do between Facebook Ireland and Facebook, Inc. is what allows us to be able to have European users communicate with U.S. users. One of the changes that we made in the new proposed revisions was we just clarified that all the sharing complies with all applicable laws, including should in the future we want to have some sharing between affiliates that requires user consent that will obtain that consent.
FEINBERG: Got it. Well, this is one of my favorite questions that we’ve seen come in quite a lot over the last few days. Lee from Georgia asks about a viral name he has seen, mentioning the Verner convention and suggesting that Facebook was changing ownership of users’ content on Facebook. In other words, this copyright name that we’ve seen that spread on the Internet. Rob, can you address that a little bit?
SHERMAN: I can. I’m glad we got the question since we got some confusion about this over the past couple of days. I think the thing that we want to point out here is: our policy is that when you post something on Facebook, you own that content and not Facebook. That’s been our policy. That’s not changing now. We want people to understand that that’s the case. They don’t need to post anything on their Timeline in order to protect that right.
We obviously have a limited right to use information. If you post something, we need to have the ability to share it on Facebook with the people you specify. If you look at our Statement of Rights and Responsibilities, which is one of the documents that you talked about earlier, that says very specifically you own your content. We want people to feel comfortable knowing that’s the case. That’s not something we’re changing as a part of these proposals.
FEINBERG: There’s a site related to Facebook called the Newsroom, where we also try to post comments and statements when means like this pop up on the site. That’s another place for users to check. If something like this starts to spread quickly, you can check the facts section of the Newsroom to see the latest statement involved in it.
I just want a second to remind users who are watching online. They can submit questions by clicking the green “Talk to Us” button. So click the green “Talk to Us” button, submit a question and we can ask Katherine and Rob what you’re interested in.
Another question. Adam in Scotland asks, “That looks like you’ve added language into the personalized ads provision around how ads maybe targeted to me, which imply sensitive information about me or convey sensitive information about me like my religion, my race, or other things. Is that true?”
TASSI: I think we’ve been perfectly clear with users and all Facebook users understand that we have to show advertising in order to make money in order to provide the Facebook service.
The only thing we were trying to do with the addition of this language was to just provide further clarification of different parts of information that you add to Facebook that might be used to inform what ads we show you. For example, if you like pages related to music, we might show you music ads. This language is meant to further clarify that, for example, if you like a page associated with a religious issue or a political issue, you might get an ad related to something religious or something political. It was not meant to signal that we’ve changed our policies in any way.
In this new revision, what we did is we clarified that and we added a link to our advertising guidelines and an insurance that this doesn’t change our advertising guidelines, where advertisers are still not permitted to imply or assert sensitive characteristics such as religion, politics, ethnicity in their adds to you.
FEINBERG: Got it. User Cindy states one thing that would be nice when these changes come about is to have those changes highlighted. In other words, if users could easily determine exactly what’s changing and what’s staying. Rob, do you want to address that?
SHERMAN: I think it’s an important point because we want to make it easy for people to understand what the proposals that we’re asking for comments on are. We’ve done a couple of things to get people that information. One is to post on our Facebook site: the governance page itself. It provides context on what changes we’re trying to make and what changes we’re proposing. If you go on to that page, we provide two other ways that you can understand the specific changes. One of those is what we call an explanation of changes – document that goes through, specifically, here’s what we’re planning to change, here’s why, and provide some context around the changes. We also provide what we call a red line, which is a version of the full document, and then using red text we show the specific changes that we’re proposing to make. The ideas is you should have to read through the whole document to figure out what’s changed. We’re providing specific indication of the changes we’re proposing and where we’re seeking feedback from people.
FEINBERG: When you say red line, it’s really a document that shows exactly what’s changing and exactly what’s staying the same. It’s really easy for users to see.
SHERMAN: It’s one document that includes in black text what’s already there, and then in red text, it shows the things that we’re hoping to change.
FEINBERG: Got it. When we have these webcasts, we sometimes get questions from users that aren’t necessarily related to the topic at hand. But then, let’s take those questions anyway since they’re coming in.
One specific question that we’ve got in the last little bit. Susan from Wyoming: “My daughter sometimes get mean things posted to her Facebook account from her friends or from their friends. What can she do about it?”
That’s a great question about, just in general, content that she may not want on the site or bullying. Rob, can you address that?
SHERMAN: Absolutely. We have a dedicated team of user operations professionals who work to make sure their safe. One of the things that team supports is a report link. When you see content on Facebook that you have a concern about, you can click the report link and then you have a number of different options.
One of them is what we call “social reporting” – rather than reporting a content to Facebook, you can contact the person who posted it through this tool, or contact somebody (a trusted third party) and say, “I have a concern about this content. Will you please take it down?” That’s one option that you have.
You also have the option of reporting it to Facebook directly. If you choose that option, then somebody on the user operations team that I’ve mentioned will look at get the content and make a determination about how it should be handled. You can give an indication about why you are concerned with it.
The other thing that we’ve recently rolled out is a part of your account settings is the support dashboard. That will allow you to see the content that you’ve reported in the past and understand where that is in the process and what the status of our review of that content is.
We really want to make it easy for people at the time that they’re seeing content to flag concerns that they might have, where they think that there’s an issue with content that they’re seeing.
FEINBERG: After a user reports a piece of content, they can actually track where that report is in the process. They can track once a person that Facebook has reviewed that content and where it is in the process.
I think one of the things that we talk about the most when it comes to minors is how important it is for parents to engage with their kids on this topic so that this is a family conversation.
SHERMAN: I think that when you look at our Facebook safety page and other places, we try to provide resources that help create that conversation. About a teenager who’s using Facebook, for example. It’s really important for parents and their teens to have conversations about how they’re using Facebook and for both of them to be familiar with the tools that we offer.
FEINBERG: OK. Here’s a big question that reminds us that we probably have to sometimes take a step back and go back to thirty-thousand feet. We’ve got one question. That is, “Is there a vote going on, where should I go and what should I know?”
We’re about the halfway point. Maybe we could sort of start with a thirty-thousand view of exactly what we’re talking about today.
SHERMAN: Sure. Let me just recap for folks who haven’t followed the whole process. We proposed some changes to our data use policy and Statement of Rights and Responsibilities, which we let changes that we were talking about on this Facebook Live event. We’ve received comments from our users. We’ve made some changes based on the comments that we received. Now we’re holding a vote where our users can express their views whether they think we should adopt the changes or not.
If you want to vote as part of that process, go to the Facebook site governance page. You can just go to the Facebook search bar at the top and type “Facebook site governance” and that will take you there, or it’s Facebook.com/fbsitegovernance. You can click at the top of the page there. There’s a voting link that will allow you to see the two options: the proposed documents or the existing documents that we have. And express your view on whether we should make the changes or not.
FEINBERG: And that vote started yesterday [Monday, December 3] and it will carry through for seven days. Until next Monday, users can actually go and vote.
SHERMAN: One thing that I should note as a part of that: when you vote, you’ll also have the option to share that you’re voting with people. We think Facebook is a great way of sharing things that are important to our friends. We want to encourage people to vote. We encourage the people to use the option of sharing the fact that they voted so they can encourage other people on Facebook to do that as well.
FEINBERG: Great. So just like anything on Facebook, you can share it with your friends or friends of friends and maybe engage others in the process.
One question that just came in, David from Germany asks, “Both your guests are part of your privacy team. How do they work together? What does that mean day to day? Does working for Facebook Ireland and Facebook, Inc. make a difference?”
You two work together all day, every day. You could talk about that a little bit.
TASSI: That’s true. Going back to what I said earlier about how Facebook Ireland has the responsibility for data protection and privacy of all non-North American users; Facebook, Inc., the United States and Canada.
Since both companies are providing service, and since we try to keep our service uniform globally, it means basically the policymakers and the decision makers in both companies have to be involved in the product development process and the decision-making process before any product or feature launches, including things like changes to our data use policy. It has to be approved basically by both companies. This involves a lot of coordination and collaboration between the two companies: our lawyers work together, product people work together, frequently we’re all in the same room or on a live video conference, which happens frequently because we’re in different time zones. We’re all involved in the process in the beginning of a product, taking it all the way to launch so that we can ensure it meets the legal requirements of both companies.
FEINBERG: Basically ensuring that users everywhere are protected not just in one country or one place.
SHERMAN: Exactly. Sarah, one thing that people may not know about what we mean by the privacy team of Facebook: it’s really a cross-functional group of people from both Facebook and Facebook Ireland. But it includes product managers. It includes engineers. It includes legal and marketing and policy people. It includes executives from our companies. What we’re trying to do is to think about privacy at the very beginning of the development process. Both companies are involved in thinking about how we protect users’ data and how we make sure that our products work in a way that makes sense to users and that gives them control over how their data is used. We try to do that from the very beginning through this cross-functional process. That’s something that every time we build a feature on Facebook we try to run through.
FEINBERG: Right. Privacy is not a last minute thing that we consider right before we launch a product. It’s something we think about from the very beginning. There are folks on a bunch of different teams working together all the time to think about that. Got it.
Well, in terms of questions coming in, we’re starting to get a couple of questions again a little bit off topic but certainly worthy of our time.
Bob from California asks, “Many of my Facebook friends are concerned about the security and ownership of our personal and private photos that we post on Facebook. Please help clarify.”
This sounds like a little bit more about the copyright name that we talked about. Why don’t we address that one more time since the question is still coming.
SHERMAN. Absolutely. What we talked about earlier is the general policy that we have at Facebook that you own the content that you post. That by posting on Facebook, it doesn’t transfer ownership of that content to Facebook. That’s automatic. That’s been our policy and it will continue to be our policy.
I know that some people have concerns specifically around photos. As I’ve mentioned before, you have control who can see your photos on Facebook. When you post the photos, there’s an audience selector so you can choose “Public” if you want everybody on the Internet to see it. You can choose “Friends” if you want all your friends to see it. You can choose if you have a list of specific friends, which is a feature that we have. You can do that. You can also post them as “Only Me”. That’s something that I do sometimes where I have a photo that I want to preserve. That I want to keep on my account but I don’t want to share it with others. I make the pictures choose “Only Me”. That’s an option as well, but regardless of which privacy setting you choose, the ownership of that content – the ownership of that photo – stays with you.
FEINBERG: Right. I did the same thing with some of my runs on Nike and I want to keep that information.
A couple of questions from users about their accounts being hacked, or fake accounts. What can they do? Katherine, I know you work closely with Facebook’s security team so maybe you want to address that a little bit.
TASSI: Yeah. It’s an unfortunate thing that sometimes occurs on Facebook: accounts get hacked, people set up impersonation accounts to bully or otherwise harass another user, and sometimes people set up entirely fake accounts which can be used for bad things on the site.
We have a lot of resources for users who find themselves with possibly hacked account, where they find an account has been set up in their name, or where they find a fake account is potentially up to no good on the platform.
The easiest way of getting information about any of these three areas is to just use our Help Center, which has actually been revised recently and updated. It’s full of information. All you have to do is search “impersonation”, search “hacked”, search “fake”, and right away the first set of results you’ll get will take you to relevant information. If your accounts been hacked, you can get it back through a process through our security team. If an account has been set up in your name, you can go through the process of getting that account removed. That’s probably the first place that I would go if you find yourself in any of these situations.
You also find resources on our security, Facebook security page, about all of these issues and many more, as well as our Facebook safety page.
SHERMAN: Katherine, it might be a good opportunity to talk to folks to make sure people understand all the different changes that we’ve made as part of the new Help Center. One of those changes is to provide some key landing points for the questions that we most frequently get. If you click into the Help Center, you can obviously search as you said. We also provide a link for basics of privacy and Facebook if you just want to understand how does privacy work on Facebook and what are my controls. That’s an option. We have a “What’s New on Facebook” if you want to understand what’s changing, what are developments in our product. There’s one easy place to look for that. There’s also a “Report an Issue” option if you have a question like the ones you have been talking about and you want to understand how do you find somebody at Facebook who can help you with that and how do you make sure you get help. There’s a “Report an Issue” that talks about all the different ways that you can contact us.
FEINBERG: That’s a great point. Mary from Florida asks, “I keep hearing that Facebook sells my information to advertisers so I shouldn’t get on the site. Is this true?”
This is one of my favorite questions because a lot of users have this question and I think the media has the tendency to report constantly that data is being sold here and there. This is a good opportunity to address this.
Selling of information to advertisers. Rob, would you like to address that?
SHERMAN: I think this is something that we hear frequently. It’s important to clarify. We don’t sell information about our users to advertisers. As Katherine described the way that Facebook makes money to operate is by showing advertising to users based on things that they’ve told us that they’re interested in.
The way that works is that an advertiser may come to us and say, “I’d like to show this ad to people who are interested in cars.” Now if you’re somebody who’s told Facebook that you’re interested in cars, then we might show that advertisement to you. But we don’t go back, unless we have your specific consent, to the advertiser and say, “This is the list of people who have seen that.”
We’re able to do this in a way that doesn’t sell individual information about our users to advertisers. That doesn’t enable advertisers to reach users with information that they’d be interested in.
FEINBERG: Right. Randy from Ohio asks, “Are you changing the default settings for who can view your posting? Are my postings more public by default now?”
In other words, this question is in the data use policy changes that are being proposed right now. Is there a change in there that by default makes a posting more public than a user might want?
SHERMAN: This is a question that relates to the audience selector that we talked about earlier. When your posting, there’s a selection that says “Friends” or “Public” or something else next to the Post button. The way that that setting works is it remembers the last thing that you posted – the last audience that you chose. If I previously posted or I talked about my family picture, if I previously posted my family picture and made it visible to my friends, the next time I’m going to post, the default will be Friends. Obviously, I can change that going forward. That’s up to me and each person has an individual default that is based on the last setting that they chose. That’s not something that we’re proposing to change as a part of these edits.
FEINBERG: Got it. I know we’ve got a few minutes left so I this is probably a perfect question to take right now. Ted from New York says, “I’ve got some ideas about more things Facebook could be doing around: getting user feedback, improving your comment process, and improving your voting process. Where can I send you my ideas?”
SHERMAN: I think the best place to send ideas is on our Facebook privacy page. This is a page that the privacy team at Facebook maintains and you can post a comment there. We read those and those we bring back to the team to help us engage in discussions about how we can improve. We definitely want that feedback. In addition to that page, which is always available, you can clip it, choose Contact Us – within just about any aspect of the site. As I said, we’re going to try to do more specific events where you can engage in feedback or you can provide information. There are a lot of different ways to reach us and we definitely want to hear from folks.
FEINBERG: That’s right. A similar question that has come in, “How am I going to be able to find out that more changes you make to your privacy or terms? And how can I find out about new announcement around privacy controls?”
FEINBERG: That’s right. We’re running out of time so I want to make sure I thank all of our users for participating in this and for submitting your questions and for being engaged in the process and asking your questions. I want to remind everyone that the vote is still taking place. The vote started on Monday. It goes through ‘til next week. You can make your voice heard on these changes, and then vote on the process.
And again, as you said, Rob, and Katherine, as you mentioned, they can visit our site governance page to learn more and vote. They can always visit our privacy page as well and send us feedback and let us know what you’re thinking. Rob mentioned this but your comments and your feedback is really important to Facebook so those comments don’t go into a black hole. We read them and they’re important to us. It’s important to us that our users are comfortable on what we’re sharing on the site, what they’re posting, and what their friends are seeing. We’ll continue to stay involved and keep users up to speed on everything that we’re working on.
Rob, thank you so much for joining us, and Katherine, thank you for joining us. We should do this again.