Prompted by Canada's privacy commissioner, the world's most popular social networking site is giving users more control over how their personal information is used.
Facebook announced this week that its 500 million users will now be able to see exactly which parts of their personal data third-party applications need access to in order to work. Previously, applications ranging from games to greeting card makers to online dating software were required to ask a user's permission before accessing personal information, but they were not required to specify exactly what information they needed. However the new rules now require apps to list exactly what information - such as a user's photos or friends list - they must use.
Bret Taylor, Facebook's chief technology officer, described the change as adding "mini-layers" of privacy to the site, and said it was prompted by meetings between the company and the office of Canada's privacy commissioner, Jennifer Stoddart.
Ms. Stoddart has been one of Facebook's fiercest critics on the topic of privacy. Indeed, it was an investigation of the service by Ms. Stoddart's office that forced the company to backtrack on some of its policy changes that had exposed more user information.
At the heart of much of Ms. Stoddart's criticism is the notion of "opt-in" versus "opt-out" features. For example, some of Facebook's options had previously exposed users' data by default, forcing users to specifically opt-out in order to keep their information private. Privacy officials argue that, in the vast majority of cases, default settings go unchanged.
Now, users will specifically have to opt-in to let third-party applications access their data. Facebook announced plans for such an option as early as August of last year, as part of its dialogue with Ms. Stoddart's office.
However the policy still entails an all-or-nothing proposition - applications must still be allowed to access all the data required before they can run. For example, if an application asks for permission to access photos, video and friends' information, it cannot run unless it has access to all three information sources.
The new settings also allow users to give an application permission to access their friends' data. For example, a user can agree to let a greeting card application have access to their friends' birthdays, without their friends being asked for permission. However, Facebook does give users the option to make their data inaccessible to the application environment, meaning their friends' apps can't use it under any circumstances.
Since announcing a host of changes at a developer conference earlier this year, Facebook has come under intense pressure to improve privacy settings on its network. Even as the website's massive store of personal information makes it a potential gold mine for advertisers, many users and privacy groups have complained the social network that started as a students-only website is now far too lax with its privacy settings.