William Carleton, Counselor @ Law

Foursquare tweaked its privacy policy this week.

The changes are subtle, but significant. I've posted a redline to JD Supra that marks the changes against the last version Foursquare posted some three months ago.

Here are three telling excerpts:

Excerpt 1:

Information you submit to the Service will be available to users of the Service that you allow to access such information (friends etc.) in accordance with the selected privacy settings. Your name and profile picture thumbnail will be available in search results across the Service network and those limited pieces of information may be made available to third party search engines. This is primarily so your friends can find you and send a friend request. People who see your name in searches, however, will not be able to access all of your information (e.g., check-in history, phone number or e-mail address) unless they have a relationship to you (friends etc.) that allows such access based on your privacy settings.

Couple things to note about the above. The first change serves to elide the prior implication that users have complete control over who can access information which that user's activity on the service will generate. I think the revised language sets a realistic baseline: information is disseminated in accordance with settings you have to grapple with. For sure, a general implication remains that these settings will be efficacious in the area of privacy; but there is also, I think, the implication that your control will be no better than what the control tools permit.

Excerpt 2:

You can control your information through your privacy settings accessible through the ‘settings’ tab on our website once you’re logged into the Service.

A user is now fairly on notice that the full range of privacy controls, such as they are, may require a trip through a browser, and may not be accessible through a mobile app.

Excerpt 3:

While the Service does allow you to note your location at restaurants, bars, stores (and so on) throughout your community, at no time does Foursquare ask you to provide your home address for use as a venue in the Service database. You should be aware that if you or your friends add your home as a new venue in the Service database and that information is published on the Service (for example, via a user checking in to that home venue), that information may be published by third parties without our control. To request removal of a venue from the Foursquare database, please email us at privacy@foursquare.com.

This change reflects Foursquare's acknowledgment that it cannot simply disclaim all responsibility for residences listed as check-in venues. But rather than commit to actively police the site to ensure that residence listings are only approved by the resident(s) (a likely impossible task, in any event), Foursquare seems to be offering the DMCA copyright infringement objection regime as a model: the onus is on you, as a user, to monitor whether your home shows up as a venue, and to notify Foursquare if you object.

I like these changes. I read them as a sign that we are all being more realistic about what privacy assurances a social network with location based functions can give. We're now past the time when a privacy policy starts by promising the moon in terms of security and control (e.g., the pablum that got Twitter into trouble), only to set up controversy and recrimination when security is breached or new features are introduced that are at odds with the privacy rhetoric.

(But we're not out of the woods! Vestiges survive of the old instinct to be reassuring in accordance with old mores. You see this yet in the first two paragraphs of Foursquare's own, new Privacy 101 page.)