Facebook rules: Everyone can vote on new privacy policy

Facebook's rules state if there are 7,000 comments on a new privacy policy, the company has to take it to a worldwide vote. Activists made sure that threshold was broken. Are you ready to vote?
Written by Emil Protalinski, Contributor

Facebook is going to have to put its new privacy policy (or rather Data Use Policy) up for a vote, according to its own rules. The company has yet to announce such a plan, but now that the commenting period has closed, it's only a matter of time.

Last Friday, Facebook proposed improvements to its Data Use Policy. You can view the tracked changes at the bottom of this article and go through an explanation of them over on the Facebook Site Governance webpage.

Facebook also held a live video Q&A on Monday and launched a Facebook Terms and Policies Hub at facebook.com/policies. Most importantly, the company asked its users to comment on the changes. It's now closed:

The comment period for our proposed new Data Use Policy is now complete. Thank you for your participation. We plan to review and analyze your comments over the coming days and will keep you posted on next steps.

Here's where it gets interesting. There's a clause in Facebook's own terms of service (Statement of Rights and Responsibilities) under the Amendments section that states the following:

If more than 7,000 users comment on the proposed change, we will also give you the opportunity to participate in a vote in which you will be provided alternatives. The vote shall be binding on us if more than 30% of all active registered users as of the date of the notice vote.

So, how many comments were made? Here's the breakdown (at the time of writing, these numbers can still go up):

Let's just say that the 7,000 comment threshold has been destroyed. Almost seven times the number of required comments have been made.

You might be wondering how this happened, and how Facebook didn't foresee it. You can thank the Austrian group Europe versus Facebook, and its initiative at our-policy.org.

The plan was simple: get as many people as possible to spam the comment section with the statement "I oppose the changes and want a vote about the demands on www.our-policy.org." It worked.

Now let's see how long it takes Facebook to launch a voting system for its new Data Use Policy.

By the way, if you think the name "Europe versus Facebook" seems familiar, there's a good reason for that. This is the same group that made 22 formal complaints regarding the social network's practices. The group even managed to accidentally get Reddit involved, whose users overwhelmed Facebook with data requests back in September 2011.

That's not the important part. Europe versus Facebook helped spur an investigation by Ireland's Data Protection Commissioner (DPC). You might think this wasn't a big deal, but it was crucial. Just because you don't live in Ireland, doesn't mean you're not affected. After all, this new privacy policy is for everyone who uses Facebook.

Facebook has over 901 million active users, but its headquarters in the U.S. is not responsible for the majority of them. Facebook's international headquarters is in Dublin, meaning all users outside of the U.S. and Canada are subject to Irish and European data protection laws. Facebook chose Dublin for the tax incentives: businesses are charged approximately 2 percent tax in Dublin compared to 35 percent tax in the U.S.

This past December, Ireland's DPC completed his three-month privacy audit of Facebook's activities. Facebook promised to make a slew of changes, and agreed to a more formal follow-up review in July 2012.

The clock is ticking. Facebook needs to get this voting thing in order so that it can push out an updated privacy policy in some six weeks.

See also:

Editorial standards