Facebook at eye of privacy firestorm

Facebook's recent changes to its privacy policy was meant to be a vote of support for furious job applicants reluctant to hand over their passwords to potential employers; in actual fact they've reignited a firestorm. The social network amended its Statement of Rights and Responsibilities in the aftermath of reports that some companies and schools were demanding Facebook access as an extended background check, threatening legal action for sharing or soliciting a password. However, the tweaks drew focus to just what, exactly, the privacy policy spells out, and neither users nor privacy regulators are liking what they read.

The privacy policy is now known as the "Data Use Policy" and includes sections on "non-users who interact with Facebook" having data stored and processed in the US. The site is indulging in "comprehensive tracking of registered and un-registered users" a German data protection watchdog ULD has accused, among multiple other concerns, and says Facebook's period of user-feedback consultation – which ends later today – is far too short to sufficiently acknowledge the growing number of comments.

For its part, Facebook denies much in the way of change to any of its policy documentation. The renaming of the policy was initially done over a year ago, spokesperson Barry Schnitt said, CBS reports, and this new amendment is merely "making the Terms consistent. As for the fact that user data is shared with apps that friends use, Schnitt says that's been permitted for the past five years.

"Facebook is a social Web site and so is our platform. Apps need data from friends to develop these social experiences and that is the whole purpose for our platform. If you're not comfortable with that, you can use your app settings to control what friends can share about you, block individual apps, or you can turn off the platform altogether" Barry Schnitt, spokesperson, Facebook

What may well be the case now is that Facebook users are waking up to exactly what liberties the site is free to take with their data: permissions that may well have been in place for an extended period, but which so far users have been unaware of. That's simply not good enough, the ULD says, claiming Facebook's policies do not comply with German data protection law.

Two US Democratic Senators – Richard Blumenthal and Charles Schumer – have called upon the Department of Justice and the Equal Employment Opportunity Commission to investigate the behaviors of employers and colleges demanding Facebook access:

"We urge the DOJ to investigate whether this practice violates the Stored Communication Act or the Computer Fraud and Abuse Act. ... Two courts have found that when supervisors request employee login credentials, and access otherwise private information with those credentials, that those supervisors may be subject to civil liability under the SCA. ... Although these cases involved current employees, the courts' reasoning does not clearly distinguish between employees and applicants. Given Facebook terms of service and the civil case law, we strongly urge the Department to investigate and issue a legal opinion as to whether requesting and using prospective employees' social network passwords violates current federal law." Letter to Department of Justice

"By requiring applicants to provide login credentials to social networking and email sites, employers will have access to private, protected information that may be impermissible to consider when making hiring decisions ... Facebook and other social networks allow users to control what information they expose to the public, but potential employers using login credentials can bypass these privacy protections. This allows employers to access private information, including personal communications, religious views, national origin, family history, gender, marital status, and age. If employers asked for some of this information directly, it would violate federal anti-discrimination law. We are concerned that collecting this sensitive information under the guise of a background check may simply be a pretext for discrimination" Letter to EEOC