Facebook privacy chief: Data portability dangers overlooked

The launch of Facebook's Beacon advertising system in November put the social networking site in the middle of a controversy over privacy, as Beacon was criticized for being too aggressive and stealthy in collecting and broadcasting information about users' activities online. For that reason, few people right now would probably envy the job of Chris Kelly, Facebook's chief privacy officer and the person most responsible for explaining the site's policies to the public.

IDG News Service recently caught up with Kelly for a telephone interview. He answered questions about Beacon, saying the company is happy with it now after some revisions but acknowledging that the work isn't over, so we may yet see further modifications that address remaining privacy concerns.

He also tackled other hot topics, such as the company's efforts to protect minors from sexual predators as well as data portability, or the ability for users to move their data between different social networking services. Kelly said Facebook is in favor of data portability in principle but wary of it in part because of concerns about user privacy. That might surprise the critics who raised red flags over Beacon, but Kelly said there are legitimate concerns about privacy -- and security as well -- with data portability.

The following is an edited transcript of the conversation:

IDGNS: There has been a lot of talk recently about data portability, specifically about letting users of social networks export their data to other sites and applications. What's your take on data portability?

Chris Kelly: We've made it clear that we don't have a philosophical problem with data portability. The problem comes in because there are all sorts of privacy and security worries [related to it], and there are a whole bunch of people out there who would gladly attempt to exploit somebody else's personal information if they could get one point of entry into a network, for instance, and try to export as much data as possible.

So we want to make sure there are rules and controls around that to minimize the possibility of something going off. That is a critical part of all of the discussions, and it's something that, in a rush to call for data portability, most proponents haven't effectively considered. We're trying to make sure that everyone considers that. We joined the Data Portability Workgroup because we want to show that we're serious about having that conversation. But to just say that you can have a completely open system ignores that there are serious privacy and security challenges about that.

IDGNS: So given the privacy, security, and legal considerations that need to be taken into account, is a satisfying solution to data portability even possible?

Kelly: Any system needs to reflect the actual preferences of the end-user of the data, and the end possessor of the data is the data subject. At Facebook, we've obviously invested a great deal in building a preference-capturing system around that, and any portability scheme needs to reflect that type of information. We'll press for any data portability scheme to reflect the preferences of data subjects. That's a very important part of building an effective data portability setup.