Yesterday, I wrote about LinkedIn’s recent Privacy Policy changes, by means of which the company snuck in the right to use your name and photo in adverts placed by third parties.
You weren’t offered the choice to enable this new feature at will, because it was turned on by default for everyone.
And LinkedIn didn’t warn you directly – which it could easily have done by email – that you might very well want to turn it off.
Crudely put, and in my own words, LinkedIn gave itself the right to mine your usage habits to determine what products and services you’re interested in, and then to use your name and photo in what amounts to an endorsement for those products and services when they’re advertised to other users.
If you were to put a positive spin on this sort of policy change, you might call it something like an exciting new feature which automatically improves your online experience with no cost or effort on your part.
But you might equally well describe it much less flatteringly as a terms-and-conditions land-grab or as a privacy policy bait-and-switch.
And, as regular readers of Naked Security will know, we aren’t big fans of privacy changes that are used by service providers as a vehicle to introduce a brand-new ‘opt-out’ feature. (Opt-out means it is on by default until you get around to turning it off.)
We think that a better business standard would be to make this sort of new feature opt-in. We accept that short-term sales goals might be easier to achieve with opt-out, but we know that opt-in would be safer for users. Indeed, users with strong opinions about privacy would become strong advocates for a service provider which set this sort of standard. The privacy regulators would be pretty impressed, too.
So we feel sure that adopting an opt-in model would actually be better for a service provider’s business value in the long term.
With this in mind, we invited our readers to email LinkedIn with words to this effect:
Dear LinkedIn,
Why not lead the way on privacy?
Become truly opt-in - not just on the basis that a new user opts in altogether by joining up in the first place, but on the basis that everything is locked down until a new user opens up each feature.
Many of you let us know you’d asked LinkedIn to do just that.
already responded publicly to the complaints the company has been receiving.
Roslansky has also recognised that the company should have been more open about its new ‘social ads’ feature, and has even agreed to make some changes to the system.
In particular, LinkedIn has quickly admitted that it took a step too far, respectfully conceding as follows:
Most importantly, what we've learned now is that, even though our members are happy to have their actions, such as recommendations, be viewable by their network as a public action, some of those same members may not be comfortable with the use of their names and photos associated with those actions used in ads served to their network.
And LinkedIn has agreed to changed the look-and-feel of its ads:
I suspect that many companies would find it really hard to react this quickly – except perhaps to say, “We are taking your comments seriously and will determine a course of action after a series of internal business committees have anguished over the implications of any changes, when the economic simulations are complete, and once the lawyers are happy.”
So, from Naked Security to LinkedIn, “Well done!”
There is some bad news, however. There’s still no sign that LinkedIn is willing to go down the opt-in path. The company still seems happy with opt-out, though I must admit that it has made opting out of social ads fairly straightforward. A couple of clicks will do it.
Nevertheless, I’d say this is a real result. It may be just a first step towards stronger privacy standards, but it’s good for you, and it’s good for LinkedIn. Respect!
If you’re on LinkedIn, and want to keep up-to-date on the latest security news, join the Naked Security LinkedIn group.