European court rules Google must remove links in privacy case

Court of Justice of the European Union | The New York Times | BBC | WAN-IFRA

Europeans have a right to have some data about themselves removed from search engines, the Court of Justice of the European Union ruled Tuesday. If results display pages that are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed,” the search engine operator must remove them, the court ruled, even if the “publication in itself on those pages is lawful.”

The ruling comes in a case brought by Mario Costeja González, a Spaniard, who asked Google to remove “an announcement for a real-estate auction organised following attachment proceedings for the recovery of social security debts owed by Mr Costeja González” published by the newspaper La Vanguardia in the late ’90s.

Last year the court’s advocate general recommended Google should not be forced to remove the results. Europe proposed privacy regulations in 2012 that include a “right to be forgotten” unless the information is “necessary for historical, statistical and scientific research purposes” or reasons of public health or freedom of expression. The judgment “is strong tailwind” for those proposed regulations, EU Justice Commissioner Viviane Reding wrote on Facebook. “Big data need big rights.”

A Google spokesperson told The New York Times’ James Kanter it “was ‘very surprised’ that the judgment ‘differs so dramatically’” from last year’s recommendation. “We now need to take time to analyse the implications,” a company spokesperson told the BBC.

The ruling allows that a “fair balance” must be sought in such cases that may depend on public interest, “an interest which may vary, in particular, according to the role played by the data subject in public life.”

Tuesday’s ruling is not the only example of European countries grappling with the pathways to digital information. Spanish newspaper publishers are backing legislation that would force aggregators to pay “even for the reproduction of headlines and snippets of text,” Paul McClean wrote Friday. Read more


New Yorker introduces Aaron Swartz-developed privacy tool Strongbox

The New Yorker | The Washington Post | The New York Times | Wired | Guardian | All Things D

The New Yorker on Tuesday introduced its new, anonymous electronic tip tool Strongbox, coincidentally on the heels of renewed concerns over privacy for journalists’ sources following revelations of Department of Justice surveillance of AP staffers (which The Washington Post’s Timothy B. Lee notes is “likely perfectly legal”)

The Strongbox site ostensibly allows people to submit letters, documents, emails or any other files to the New Yorker anonymously. It was developed in conjunction with Wired investigations editor Kevin Poulsen and the late Web activist and developer Aaron Swartz, who hanged himself in January after facing charges of wire fraud and computer fraud. Poulsen, whose publication also is owned by New Yorker parent Conde Nast, wrote about Swartz’s involvement, and why Strongbox was a necessity.

There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards.

Read more

Can a Twitter user really prohibit you from republishing tweets?

Tim Cushing explains what happened when Teri Buhl, an “investigative journalist covering finance/Wall Street,” declared in her Twitter bio that “No tweets are publishable.”

A couple people who noticed the disclaimer questioned it. One of them, criminal defense lawyer Mark Bennett, received bullying emails from Teri Buhl that asked “Do you carry libel insurance?” and “Do you have outside counsel, or do you represent yourself?”

The story gets longer and weirder. But the underlying issue is fascinating: Is Buhl’s claim to privacy of public tweets as absurd as it sounds? Read more


With ‘frictionless sharing,’ Facebook and news orgs push boundaries of online privacy

Facebook again may have gone too far in its quest to make privacy obsolete, and this time some news organizations could get burned by going along with it.

Facebook spent years making it easier for us to share by building its network and placing “Like” buttons across the Web. Its latest idea goes much further, turning sharing into a thoughtless process in which everything we read, watch or listen to is shared with our friends automatically.

Encouraging sharing is great. Making sharing easier is even better. But this is much more than that. What Facebook has done is change the definition of “sharing.” It’s the difference between telling a friend about something that happened to you today and opening your entire diary.

News organizations and other content companies are eagerly accompanying Facebook down this path.

After disclosing required permissions up front, apps like Washington Post Social Reader automatically share all reading activity.

New Facebook-based apps like Washington Post Social Reader, and similar ones from The Guardian and The Daily encourage Facebook users to read their stories and pump all that reading activity out to their friends.

And this isn’t isolated to what you read via Facebook itself. Yahoo News is asking readers to sign up to have their reading activity streamed to their Facebook profile. Services like Spotify and Netflix have their own apps to automatically share all media consumption.

This so-called “frictionless sharing” has big problems.

It means little to friends

One problem is that the “friction” — the act of choosing what to share, with whom, and how — is what makes sharing meaningful.

In other words, “It’s the thought that counts.”

The fact that my friend read an article is not useful without knowing more. Did he like it? Did he think I would like it? Did it make him laugh, cry, gasp or sigh? Did he read it because his boss or his teacher told him to, or because he was genuinely interested?

A couple months ago I wrote about research that revealed the five reasons people share news online: to help others, to define ourselves by what we choose to share, to show someone we’re thinking of them, to get credit for being helpful, and to spread the word about a cause.

The fact that people choose to keep most things private places significance on what they choose to share. If everything is shared automatically, nothing has significance.

“Sharing without intention is not social, it’s overwhelming, it’s noise,” social media consultant Jeff Gibbard observes on his blog. “Not everything I read, I endorse. Not everything I watch, I like. Not everything I listen to, I want to share. Without intention it’s simply surveillance.”

It is misleading

If a woman reads a Yahoo News story about breast cancer and that fact is automatically noted in her Facebook activity, what are her friends to make of that? Does she have cancer? Does she have a friend with cancer? Perhaps a colleague was quoted in the article. Maybe she accidentally clicked on the wrong link.

Facebook is presenting this information with no context. In the absence of context, people make assumptions.

Can anyone in the new Facebook world read about personal health, relationship advice, personal finance or gay rights without their acquaintances speculating why? In other cases readers could be embarrassed by clicking on a Kim Kardashian photo gallery, a list of crude jokes, or anything else that some people may find distasteful.

That leads to the next problem…

The ‘chilling effect’

Because of this, news organizations that employ the Facebook activity feed may end up hurting themselves by making readers stop and think, “Do I really want to read this, knowing my friends will see that I did?”

That could be bad for news publishers and for society, said Rebecca Jeschke, spokeswoman for the digital privacy group Electronic Frontier Foundation.

“Are we not going to read about things and look at things and learn about things, because we’re scared about what someone might think about us?” Jeschke said. “That chilling effect is really concerning.”

In the long run the majority of Facebook users are not likely to willingly embrace frictionless sharing, she predicted.

“We’re sort of in a position right now where people are experimenting about how comfortable they are sharing this or sharing that, and I would be really surprised if the end result is we share everything all the time,” Jeschke said. “Clearly that’s what marketers want, and clearly that’s what companies want, but it’s really important for consumers to think about what they want.”

That’s an important point for news organizations to consider. Ask yourself: Why exactly are you doing this — for your benefit, or for the readers? Pumping Facebook full of links to your site so you can benefit from a bump in referral traffic seems good, but you risk alienating users and eroding their trust. The last thing a news organization wants is for people to think twice before they click.

The choice facing news organizations

So, where to go from here? One option is to just keep doing what you were doing — ask your users to share articles and videos they like with the people they think will like them. That’s actually been working pretty well for most websites. That’s what The New York Times decided, former developer Michael Donohoe writes on his blog:

Earlier this year when I was still at the Times we talked to Facebook about a news app. Facebook had a whole set of new features in the pipeline (presumably just launched) and this passive reading action was one of them and they were pushing hard for us to use it. It came up in conference calls and on-site meetings. I believe Facebook is very eager to catch-up or even displace Twitter as a go-to place for news, and this is how they think they can do that.

To their credit the newsroom shelved the idea. The consensus was that this was intrusive and potentially an invasion of privacy.

If you are going to build a Facebook app using frictionless sharing, you should at least be extremely clear about exactly how the users’ activity will be shared and what friends will see. Go out of your way to help them understand how to control the Facebook privacy settings, and how to opt out later if they change their minds.

It’s quite possible that a reader will sign up for a news sharing app like Yahoo News’, then come back a month later to read a story and forget that it will be shared. Or maybe he knows about the sharing and is prepared to self-censor his reading, but he clicks on a blog post link to a Yahoo story and suddenly he has “read” it on Facebook without making that choice.

“You may not even remember that’s activated … and I’m not comfortable with that,” said John Duncan, co-founder of Hearsay, a news-sharing site driven by the same sort of frictionless sharing of all reading activity. He’s a believer in frictionless sharing, but says it must be unambiguous.

“When I click on something, is this definitely being shared with everybody? Where is it going to appear? Who will see it? It’s not entirely clear because Facebook does so many things,” Duncan told me.

It is important for news organizations to experiment, so I don’t fault any for trying this new opportunity. And perhaps five years from now frictionless sharing could be common and uncontroversial. But if not, you want to be sure readers can back out of this experiment without misgivings about the way your organization handled it.

Correction: The original post wrongly included The Wall Street Journal’s WSJ Social app among those that share reading activity. It only shares the fact a person is using the app, not what is read. Read more

9 Comments begins tracking personal user information without consent | Dan Gillmor
The Wall Street Journal has revised the privacy policy for to permit the site to connect a user’s Web browsing data with personally identifiable information without consent. Previously, the policy stated that it would ask for users’ permission before doing so. The Journal’s own Digits blog reports that the change will enable more personalized information and services. Dan Gillmor calls it “a crappy and hypocritical move” in light of the Journal’s extensive reporting on online privacy invasions. “Remember: I and other Journal readers are paying real money to use that site. We are not getting something for free in return for handing over some personal information. The Journal is just greedy.” Alan Murray, executive editor for online at the Journal, tweets that Gillmor’s take is “a bit overwrought. We are not sharing your data with anyone. Our commitment to privacy is evident in how we did Facebook app.” Read more

1 Comment

How to lessen social media security risks from third-party apps

How much time has gone by since you joined Twitter? How about Facebook?

According to, my Twitter birthday is April 26, 2008. Since that day, I’ve sent out more than 9,600 tweets and gained over 1,700 followers. I’ve also allowed multiple third-party applications (such as TweetDeck, TwitPic and Seesmic) access to my account.


There are a variety of reasons why I give these apps access to my account information. Maybe I’m testing a new product, posting a photo from my phone, or tweeting a link directly from a website. I often allow access without thinking twice.

But this can be risky. Apps all have access to different amounts of personal data. And as these applications add users, their databases grow and become targets for hackers. Bottom line: The more applications you use, the larger your security risk.

Companies often access your personal information via quiz and polling applications on social media sites, for instance. And just this month, Facebook has — for now — disabled a feature that let app developers have access to your addresses and phone numbers. Facebook and Twitter can’t really control how apps use this data, but both sites provide ways for you to manage apps that have access to your account. Here are some steps worth taking …

On Twitter

  • Log in to Twitter.
  • Go here to see a complete list of the third-party apps accessing your account and select “revoke access” on any apps you don’t want/need.

On Facebook

  • Go to Account > Privacy Settings in the top right corner.
  • Click “Edit your settings” under “applications and websites.”
  • Click “Remove any unwanted or spammy applications.”
  • Select the applications you don’t want/need and click “remove selected.”

On Facebook, you can also turn off all third-party applications:

Which apps should I delete?

When I clean clothes out of my closet, I use the “two seasons rule.” Meaning, if I haven’t worn the garment in the two previous seasons, I’m donating it to charity.

Use the “one season rule” here. If you haven’t used an app in the past three months, cut the cord. You can always allow access again if you need it. Also remove any applications that are no longer in service, since they’re useless anyway.

Don’t forget news brand accounts

Remember to go through this process for your news organization’s accounts, too. How mortified would you be if your organization’s Twitter account sent porn spam to all of its followers?

To remove apps from your news organization’s Facebook page, click “edit page” and scroll down the applications list. Then click “remove application.”

Removing apps from social media accounts won’t completely eliminate security risks, but it helps. Try to go through these steps every few months to keep your accounts as clean and secure as possible. Read more


Danny Sullivan: ‘Facebook Connect freaks me out’

Danny Sullivan’s Daggle blog

After recently signing into Groupon, Search Engine Land Editor-in-Chief Danny Sullivan wondered why the site wanted access to a variety of personal information: a list of his friends, his recent check-ins, his date of birth and permission to automatically post status updates for him.

Of course, Sullivan was attempting to log in using Facebook Connect, which would effectively give the coupon service access to most of that data from his Facebook account.

As Sullivan notes, the problem is not that Groupon and Facebook were failing to notify him of this fact during the sign-in process, but rather that the notifications were too vague to be of value. For instance, what exactly might Groupon want to post to his wall, and when? Sullivan writes:

“My guess is that if I do things in Groupon, it might offer to let me share my actions to my Facebook Wall, if I explicitly say so. I don’t know this, of course. And the permissions page does nothing to reassure me. How about a plain English explanation that tells me exactly what might happen?”

This is not just an issue with Facebook Connect, which is growing in popularity, but with any site registration requirement. Most website privacy disclaimers read like they were written by lawyers, and they probably were. All readers want to know is: “If I give you my name, e-mail address and other information, what specifically are you going to do with it, and can I trust you?”

Local media organizations should have an advantage when it comes to gaining readers’ trust, but it is also easy to lose that trust through privacy missteps. It’s important to clearly explain why you need personal information, how you will keep it safe and how sharing it will benefit the reader. Read more

1 Comment