Inside 1to1:Privacy

Facebook: Managing Youth Privacy and Trust

October 1, 2007

By Jay Cline, CIPP

Facebook gained national attention last month when it announced it would allow search engines to index the names of its members over 18 who had given permission for such searches. This was a minor change from the 4-year-old company's past policy of requiring Internet users to first create a Facebook account before they could search its listings.

But the policy switch triggered a media buzz that tapped into a question on many parents' minds: Do my children know enough to be safe on social-networking sites?

Two recent studies reach mixed answers to this question, and raise important considerations for companies that want to responsibly engage a younger customer audience.

In "Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace," Catherine Dwyer of Pace University and two colleagues surveyed 226 Facebook and MySpace users. Respondents reinforced parental concerns by revealing their propensity to share information that strangers could use to locate and take advantage of them. Over 90 percent of Facebook users said they include their real name, photo, hometown and email address; three-quarters include their relationship status; and 38 percent include their cellphone number. MySpace users were less willing to share these types information.

"Facebook members were more trusting of the site and its members," Dwyer wrote in the study, "and more willing to include identifying information in their profile."

In an interview with INSIDE 1to1: Privacy, Facebook Chief Privacy Officer (CPO) Chris Kelly, CIPP, outlined the privacy controls on Facebook that could be contributing to this higher degree of trust and information sharing: Under-18 account applications are routed to a high-school network -- the largest of which has only 4,000 members -- where an email from the high school's domain or an invitation from an existing member of that high school network is required for profile activation; contact information is not required to create a profile; and a "report" link on every Web page enables users to report and block inappropriate contact.   

"The average user on Facebook has access to less than one-tenth of one percent of the profiles on Facebook," Kelly said.

In a second study, by the Pew Internet & American Life Project, teens appeared to be taking some, but not many, steps to protect their privacy.

In a telephone survey of 935 youths aged 12 to 17 conducted with a parent present, 55 percent of respondents said they post online profiles. Of these, two-thirds say their profile is not visible to all Internet users. Among those 34 percent whose profiles can be accessed by anyone online, 46 percent say they give at least some false information on their site to protect their identity.

The survey results suggest most teens are in good shape. "Overall, American teens are pretty savvy about how they present themselves online," Amanda Lenhart, the study's author, told INSIDE 1to1: Privacy.

But 63 percent of those surveyed believed that a motivated stranger could eventually identify them from the information they publicly provide on their profiles. The study also revealed that as many as one-fifth of teens who make their profiles available to all Internet users may not be taking basic steps to protect themselves. With 200 million users of MySpace and 40 million users of Facebook -- both among the top-10 most-visited Web sites in the U.S. -- a one-fifth share adds up fast.

"For some of these teens, it's about sharing and meeting new people, and for others it reflects a naïveté about online privacy," Lenhart said. Taken together, the surveys suggest companies marketing to youth do build trust and elicit greater information sharing when they build strong privacy controls into their services. But even with these controls available, many young people are still taking risks with their personal safety.

"Everybody -- parents, schools, organizations -- has to contribute to this issue," Kelly said.

Cline is President of Minnesota Privacy Consultants and can be reached at cline@minnesotaprivacy.com.