Last week, rumors started spreading that Facebook had changed its policy and was now allowing third-party advertisers to use your photos (i.e., images users post onto Facebook) without permission. The flap over the use of Facebook user-profile photos in advertising came into the limelight when a man, using a third-party application, saw an advertisement displayed for an online dating website, and much to his surprise—it happened to include a picture of his wife. There’s Good, Bad & Ugly.
Good news: His wife wasn’t out looking for a date. Bad news: The photo emanated from a Facebook profile photo available to companies that use the Facebook platform ad network. Ugly news: You could be next!
So here’s the scoop:
Facebook has not changed its policy and does not allow the use of your photo(s) without permission. Facebook had previously suspended two ad networks from the Facebook platform for deceptive practices and user complaints. Those ad networks were said to be using third-party applications in which these photos were embedded and, according to Facebook, that violates Facebook’s privacy policy; and the ads were misleading since they made it look as if someone’s Facebook friend had taken action when they really had not. Facebook itself issued a statement noting, “We are as concerned as many of you are about any potential threat to your experience on Facebook and the protection of your privacy. That’s why we prohibit ads on Facebook Platform that cause a bad user experience, are misleading, or otherwise violate our policies.”
Although some Facebook users might not know it, Facebook has been running ads from its own ad system for more than a year—it lets your Facebook friends know of any direct connections you have with products and services. So if you become a "fan" of a Facebook Page, your Facebook friends might see an advertisement showing both the action you took (becoming a fan) and your profile photo along with the ad. According to Facebook, it will only do this when a Facebook user has taken some affirmative action indicating a connection with the product or service being advertised. Facebook also claims no data is shared with third parties in this process.
The best we can determine, Facebook technically only allows any user content to display in or with third-party advertising if the content isn’t being cached. While Facebook likely tries to control these networks, some obviously are not adhering to this policy, with photos then appearing not only on third-party ad networks within Facebook when they haven’t been authorized, but also in some cases outside the Facebook domain itself.
If you are a Facebook user and have actually read (and understood) its Terms and Privacy Policy, which is part of the Facebook Principles, you might know that Facebook ad networks can use these user photos in ads—they just can’t do so in violation of their privacy policy or in a deceptive manner. While clearly Facebook has an interest in keeping users comfortable with the online social media environment it has created, it will likely either do a better job of disclosing and explaining the potential uses that may be made of user information (including images, connections, and the like), or it will need to monitor and control the use of its advertising platform by third-party advertising networks that are allowed to use the platform.
Every user on Facebook is opted-in to allowing the use of their photos as described above, by default, when they sign up. Perhaps part of the flap is the fact that many users may simply have not known this. Or perhaps there’s a disclosure or communication problem within the community. Facebook might also provide more visible or multiple ways of enabling users to opt-out of this feature or create more refined privacy settings so that users are given more options and more information that allows them to control the use of their photos (and other information), certainly outside and potentially inside the Facebook social media community. Most users simply may have had no clue this was the default or that this was happening. Even when they realize this is occurring, many can’t figure out how to change the settings. Currently, the only way to fix the problem is to have users change the privacy settings that are found under “Settings,” “Privacy Settings,” “Newsfeeds and Wall”; looking for the tab that says “Facebook Ads”; and re-setting your “Appearance in Facebook Ads” preference to “No One.”
HOWEVER, just so everyone is clear—this still may not opt you out of Facebook ads displayed to your friends with your photo when you expressly take action within Facebook (e.g., becoming a "fan"), but it will opt you out of third-party network ads. That said, it remains to be seen how Facebook will deal with the delicate reality of handling third-party ad networks that aren’t Facebook affiliates, since these represent a significant source of revenue for creators of Facebook applications.
To put it more simply, if you provide a third-party application with the right to access your information (which you generally need to do in order to use the application), then technically the advertising networks can access that information, too. That’s why users should pay attention to the applications they add, and get rid of applications they are no longer using. You can do this through the “Settings” menu as well. Head for the “Application Settings” page, and if you see a menu that says “Recently Used,” change it to “Authorized” and you will see the applications you have approved with an “X.” Just click to remove those you no longer wish to have authorization. That way, you won’t wind up as a poster child for some product or service that you did not and would not ever intend to endorse.*
If you need to know more, please contact Joseph I. Rosenbaum at joseph.rosenbaum@rimonlaw.com, or you can view his bio at rimonlaw.com. Of course, you can always contact your favorite Rimon attorney, who will be more than happy to help you.
* Speaking of endorsements, Joseph I. Rosenbaum was actually speaking of Endorsements (and Testimonials) at a recent CLE Conference in Ireland, sponsored and hosted by the School of Law at Limerick University and previously featured in Legal Bytes. A copy of Joe’s presentation (without the embedded videos) has been posted in .PDF format in an update to the previous posting.