Even among people I know in the privacy community, there are those who maintain a LinkedIn account even though they would not touch most of the other online networking services with a barge-pole. Somehow LinkedIn, with its business-oriented approach to building and publishing your professional biography, has been seen as less promiscuous with its members’ data than the broader ‘social’ sites.
Whether or not that trust was well placed, I think LinkedIn may just have forfeited a slab of it.
As blogger Steve Woodruff writes, here, LinkedIn have added a function to include what they call ‘social advertising’ in users’ notifications: that is, if you “recommend people and services, follow companies, or take other actions”, your name/photo may be displayed in advertising to others. The justification they give for this is that it “makes it easy for […] members to learn about products and services that the LinkedIn network is interacting with”.
One of the principal issues, from a privacy perspective, is that this change has been introduced by default and without notifying users either that it is happening, or how they can opt out if they don’t fancy it. Neither is it clear to users who will see them in these advertisements, or whether their account privacy settings have any effect on the size of that audience. It’s not even clear, from the ‘catch-all’ description above, just which of a user’s activities might trigger the advertising function.
If that sounds familiar, it may just be because there has already been a highly visible case of something not wholly dissimilar. Do you remember the furore over Google’s “opted in” launch of the Buzz service? In that instance, the fallout included a class action settlement with a price tag of $8.5m, and a settlement agreement with the FTC under the terms of which Google had to sign up to 20 years of independent privacy audits…
Now, what LinkedIn want to publish about you via this new mechanism may differ from what Google disclosed via Buzz, but there’s a very similar set of questions at issue:
- To what extent is users’ personal data “fair game” when they sign up to an online networking service?
- What’s the right way to notify users if you’re changing the way you use such data?
- Should the default be “opt-in” or “opt-out”?
- How should you present any applicable privacy controls to the user?
Do you have a LinkedIn account (and if so, did you really think they were different from other online networking services)?
Will being opted in by default to this new feature make any difference to you?
What will you do as a consequence?
(Incidentally, Steve Woodruff’s blog post also describes how to revert to opted-out status, if that is your inclination)
Category: Uncategorized Tags: