Evan Schuman's StorefrontBacktalk

Facebook officials learned a hard lesson this month when the social networking site snuck in a privacy policy change that could have allowed it to access users’ content—and use it forever for pretty much anything Facebook could think of—even after users had deleted it from their accounts. After public backlash, the policy was reversed—for now. But I’ll bet serious money that these execs learned the wrong lesson.

What’s learning the wrong lesson? A few years ago, I was involved in a home cleaning contract and the agency didn’t do what it said it would do and, as a consequence, permanently damaged some furniture. For two weeks, I tried getting company officials to fix the problem or even return a phone call. Nothing. So I had little choice but to dispute the firm’s credit card fee with the bank, and I got it reversed.

Not surprisingly, the CEO of the company suddenly found the time to call me back. I explained the situation so that he would understand the importance of the chemicals his people used and that it was important to have his teams do what they say. He said that he would change policies as a result of the incident. “What will you change?” I asked. Yep, you guessed it: The company would no longer accept credit cards. (Hey, at least the guy was being honest. An honest lowlife is better than a lying lowlife, I guess.)

My fear is that a version of this scenario is going on at Facebook. Were the subsequent stern meetings at Facebook focusing on the fact that people need to trust Facebook, so considering using their data for any purpose is acceptable? Or did they focus on ways this policy change could have been made—or can still be made—even more quietly?

To accept Facebook’s version of events, we either have to believe that a terms of service change of this magnitude was implemented without the CEO’s knowledge or that the CEO didn’t anticipate that this particular change would alienate folk. Is it not more likely that the executives knew precisely what they were doing and made the legitimate assumption that of the very few people who would read the revised terms of service, none would pick up on the significance? (Oops! Web media to the rescue: In this case, the Consumerist.)

Interpretation Is In The Eye Of The Beholder

To interpret motivation and real intent, sometimes a look at history can be useful. Do you remember another Facebook privacy incident back in December 2007? In that case, Facebook tried sharing—without permission—customers’ purchases with people on their friends list.

“The program, called Beacon, informs Facebook users’ friends when purchases are made on certain online retail sites, including Amazon, Zappos, Travelocity and Fandango. In some cases, friends were informed exactly what item was purchased, ruining some holiday gift-giving plans,” said a RetailWire report at the time. Again, Facebook said “oops” and promised to hold off for the time-being.

Is this a pattern? Is Facebook trying things, and if it’s caught and there’s a loud enough protest, the site pulls back? In short, is Facebook trying the permission versus forgiveness approach? Indeed, it seems to have tried both options. For a company that is trying to solidify a brand and build as much trust as possible, these tactical approaches seem odd.

But there’s a bigger issue in the perception vs. reality category. If you ask consumers whether they would make purchases at a retailer that suffered a huge data breach, they’ll say “No, of course not.” But in reality, as the financial reports of TJX and Hannaford made clear, consumers actually do the opposite of what they tell poll takers.

If you ask a consumer whether they want to give up permanent rights to their data, of course they’ll say “No way.” But if you don’t ask and suddenly start offering them the customized services that such data sharing enables, will the result be different?

Consumers historically have very little imagination about such things. Had you asked a 1990s consumer about whether they’d want to use a network of networks to make tons of purchases on their laptops, what do you think they would have said? Without having the vision to understand what the Web would be like, what would have been their natural reaction? What about the first meeting in Detroit when some engineer proposed the airbag? Can’t you envision some marketing exec saying, “Impressive. As soon as customers start asking for a giant balloon to pop out of their steering wheel during an accident, we’ll let you know.”

The problem with the Facebook plan as rolled out is that the site, in effect, talked about a giant balloon popping out and forgot to talk about a safety device that will save lives in major accidents. The way to make such a privacy change is to talk about the customization advantages that await consumers.

As a mostly free service, Facebook has the right to use content in a wide range of ways, as long as those options are not specifically forbidden in its privacy policy. Pledging that users could remove their content and instantly cause their license to terminate was an unfortunate move on Facebook’s part, back when that policy was likely its true intent. I hate to say it, but that’s what lawyers are for, to remind execs to keep their options open for the future.