Facebook Like Button Violates University Privacy Policy

Facebook Like ButtonThe Facebook Like button is on so many college or university websites even when the Facebook Like button violates most every college and university privacy policy. I realize your chief marketing officer, foundation director and director of alumni relations love the idea of social media engagement and growing Facebook Likes. But do they understand how the Facebook Like button and other social media icons work and why it probably violates your privacy policy?

Facebook Like Button Tracks Everyone

In 2011 Arnold Roosendaal, Tilburg University, published Facebook Tracks and Traces Everyone: Like This!. This was groundbreaking and earth-shattering research into how the Facebook Like button actually operates to track online users.

So much so that anyone and everyone involved in social media strategy and privacy policy compliance on campus should be required to read it – Like yesterday. Facebook Tracks and Traces Everyone demonstrates the full capability of using tracking cookies and web beacons as with the Facebook Like button to track online users and convert anonymous user data into personally identifiable data.

At the time the paper was published, the Facebook Like button would actually set a tracking cookie in the browser of visitors to websites that used the Facebook Like button even when the site visitor has never visited Facebook’s website or registered for a Facebook profile.

The Facebook Like button cookie would continue to track these anonymous user’s online browsing history by updating the cookie everytime they visited a site that used Facebook Connect or had the Facebook Like button installed.

If the anonymous user ever visited Facebook.com and created a Facebook profile, their anonymous user history would be merged with their personally identifiable Facebook profile data. This process would also work when anyone would delete their cookies, use an alternate browser, or use different workstation then access their Facebook profile.

It appears Facebook has stopped this practice as a result of Rosendaal’s paper. But many privacy concerns remain over the functionality of the Facebook Like button and other social media sharing features.

The Facebook Like Economy

The Facebook Like button controversy continues more so in Europe than in the States where privacy is a greater concern and European privacy law much tougher. So it is no surprise some of the most interesting thinking and research on Facebook also comes from Europe.

Reworking the Fabric of the Web: The Like Economy featuring Anne Helmond (NL) and Carolin Gerlitz (UK) is a great example. This presentation offers a revealing look at Facebook’s efforts to define the social network business model around harvesting user data with social media sharing features like the Facebook Like button.

[iframe src=”http://player.vimeo.com/video/39256468″ frameborder=”0″ width=”500″ height=”281″]

A very similar story can be told about the Twitter and Google+ badges and most other social media icons. I will have more to share on the Track the Trackers project and the tools they use very shortly.

University Privacy Policy

Does your college or university privacy policy address the functionality of the Facebook like button? Does your privacy policy address any of the other social media icons or social plugins you are using in any way?

Chances are your privacy policy does not. Or more accurately, your university privacy policy probably suggests the functionality of the Facebook Like button and other social media features used on your websites does not occur. This makes their presence a violation of your privacy policy.

4 Common Privacy Policy Violations

  • The privacy policy only addresses the collection and use of the data the university itself collects.
  • The  privacy policy only addresses the data the user specifically provides through forms, payments, or other user initiated actions.
  • The privacy policy only speaks to FERPA privacy rules and directory information overlooking all of the social media icons and any other web beacons, third-party cookies, tracking cookies, or other data collection methods that might be in use.
  • The privacy policy only address first-party cookies issued by the university or just those on university managed websites ignoring third-party cookies as well as several web analytics cookies issued as first-party cookies but share the data with third-party providers.

University Privacy Policy and Web Governance

Every college and university privacy policy should be linked to its web governance model with oversight by the compliance officer. The privacy policy must first comply with any and all federal and state laws while at the same time being technically accurate.

Second, it is my opinion every online privacy policy used on websites must be anchored in the actual institutional policy framework. Otherwise you expose your self to avoidable risk by having a ‘policy’ that does not have the force of an actual policy.

One example is the University of Virginia Privacy Policy. Virginia’s privacy policy reads well and is very thorough. There are some holes in it when you examine what is actually occurring on some of their pages. But this is one of the more comprehensive and technically accurate privacy policies I have found recently.

I especially like the incorporation of the advertising policy which very few universities do. However, I am not sure how well the advertising policy is followed by special departmental sites especially Virginia Athletics. But that is an issue for another post.

This entry was posted in Privacy and tagged , , , , , , . Bookmark the permalink.

5 Responses to Facebook Like Button Violates University Privacy Policy

  1. Well, if they can know what you like they will understand you at a deeper level. This is amazing for marketing and advertising, but very sad for the privacy of the individual. We are now entering a phase in the history of the world where nothing is private or sacred anymore.

  2. The Higher Ed CIO says:

    Thanks for sharing your thoughts. The next couple of posts on this stuff may be even more eye opening.

  3. Pingback: Tracking the Trackers on College and University Web Sites

  4. F Peaden says:

    My brother recommended I read this because I am a Facebook junky. He was once totally right. Thanks!

  5. The Higher Ed CIO says:

    Everything in moderation I suppose.

Comments are closed.