Facebook’s Privacy Game

We’re not even speaking the same language about privacy. That’s the problem.

James J. Ward
Jan 9, 2020 · 7 min read

Fads are a big part of January. Everyone wants to hashtag their efforts at keeping up their New Year’s Resolution (#NoCheeseMonth, #NoCarbMonth, #NoFunMonth), and our collective refusal to acknowledge that the holidays are over means we’re all still desperate for distractions. But nobody minds, because we all love fads — it’s why we get obsessed with one hit wonders and dance routines (and, occasionally, both at the same time).

Everyone born before 1990 is in at least one Macarena video, Tracee.

Yesterday, we got to see the confluence of a few of our favorite fads: megaconferences, big privacy promises, and clashes between tech giants. At CES, the Consumer Technology Association’s huge annual conference, representatives from Facebook, Apple, and others sat on a panel together. The topic, unsurprisingly, was privacy, and how these companies are adjusting to the changing political and regulatory landscape. There were the usual promises about “taking privacy seriously,” and recognition that governments are becoming increasingly concerned about the disproportionate power that businesses have to collect, and monetize, personal data.

And then, more than once, Facebook’s privacy czar Erin Egan made the claim that Facebook is just as protective of user privacy as Apple is.

“See, I *do* have a sense of humor!”


Who knows why Facebook decided to opt for that as a talking point because, even if it is true ( which, you know, it isn’t), absolutely no one believes it to be true. It’s a scenario where saying something repeatedly is just going to make listeners angry, rather than believing that you’re right, like your uncle who keeps trying to tell you that Starland Vocal Band was the greatest group of the 70s. (It was obviously the Bay City Rollers). But given the last few years, it’s hard to imagine why Facebook would make a claim so bold, and so brazen, in a public setting.

Part of it is that Facebook and Apple are in entirely different businesses. Apple is a merchandise and services company that has an extremely potent data collection practice, while Facebook is essentially an advertising sales company driven by a massive personal data collection effort. It’s natural, if not desirable, for Facebook to have practices designed to pull in as much information about their users as possible, if only to be able to better market itself to companies that want to buy advertising services. But there is simply no question that the wholesale data consumption at Facebook is on a scale comparable really only with Google, and that allegations (and, really, proof) of malfeasance have dogged Facebook for at least a decade. Apple? Not so much.

The reality is that Facebook can’t make much of an argument about privacy, no matter how many times they repeat it. Consider their new “ Privacy Checkup,” which claims to provide users with the tools and information they need to create the kind of privacy controls best suited to them. It’s interesting, certainly, and the UI has been made easier and friendlier, but there’s a catch: it changes the privacy setting only as they relate to other people on Facebook, and not Facebook itself. In other words, you can make sure that facial recognition is turned off, or that your creepy next door neighbor doesn’t get to see you posts, but you still have just about the same level of control over what Facebook does with you data as you ever did: effectively bubkes.

Does that come with guac?

So why does Facebook say things like this? Why make a claim that’s so close to being just flatly untrue that it risks being called out? It’s a game, really. A language game, and it’s one, in the privacy sphere, that’s been underway for a very long time.

Quit Playing Games

The concept of language as a game traces back to famously toussle-haired and famously ornery Austrian philosopher Ludwig Wittgenstein, who always looks to me like a cross between a (somehow) crankier Peter Capaldi and a (somehow) moodier Samuel Beckett. Moods aside, Wittgenstein was a brilliant, epoch-defining thinker who changed how we conceive of our use of language. According to his theories, all communication relates to its context, and so a word or phrase had no independent meaning: language is not a standalone entity that reflects reality or truth. Instead, language is a tool that we use, and it only becomes meaningful by the way we use it in a certain circumstance. For instance, if I shout “Traitor!” at you, I might be challenging your loyalty to your country, accusing you of changing your allegiance to a football team once they reach the playoffs, or making a Star Wars reference. You only know based on where we are, what we’re doing, the nature of our relationship etc etc. For Wittgenstein, when we communicate with one another, we’re playing the communication game, constructing its rules, and conveying ideas all at the same time.

This was the happiest moment of his life.

Super! Except what happens when we’re playing different games? What if I use language in an attempt to induce the listener to believe I will do one thing, when in reality I intend the opposite, or something very different? Obviously, our communication is flawed, and wherever we take our interaction, it will carry the taint of that initial lie. More charitably, what if we’re merely talking past one another because our words carry different meanings based on the contexts from which we came to our meeting with one another? How could we communicate with one another in that situation and expect to reach the desired outcome? At least one of us is going to be disappointed, and maybe both.

This is where we find ourselves when it comes to privacy: Facebook isn’t playing the same game that we are, at least when it comes to privacy. When they say privacy checkup, we hear “control over my privacy and what is shared,” but Facebook means “control over other users’ activity.” Facebook’s meaning is unclear because they never come right out and explain what they mean, and because privacy is a very complicated subject that makes contexutalization difficult.

Think about it this way: when we normally deal with a company as individual people, it’s in the context of a purchase and sale. There’s little room for confusion because our context is clear: buyer and seller. Starbucks says “$4.00 for a latte,” I say “$*@$# fine, take my money,” everyone walks away clear about what happened. But Facebook (like other social media or tech companies) operates at the very center of our personhood, our identity. The difference is that Facebook uses our misunderstanding and monetizes personal data at the expense of the very privacy it claims to promote.

“Privacy,” of course, is an extremely loaded term. When Facebook says it, they use it in the context of a commercial enterprise embedded in a complex regulatory scheme; when we say it, we’re talking about who gets the right to peer into our life. Two games, two sets of rules, two sets of meanings. That’s why we’re frustrated with Facebook, but it’s also why Facebook says that it’s just as good as Apple: we’re all talking about different things, in different contexts, for different reasons.

Check out his law blog.

Clearing up the Mess

GDPR didn’t clear up this confusion, and the linguistic hot mess that is the CCPA certainly won’t help either. What we need is a new taxonomy of privacy, a set approach to talking about privacy that gives everyone a shared context with mutually intelligible rules and parameters, if not outcomes. It’s a process that begins with changing the way we expect, and require, businesses to communicate about what they’re doing. The incessant legalese, the convoluted terms, and the byzantine clickthrough structures all have to go, for a start. From a consumer-facing perspective, that’s simply a prerequisite.

The only way that happens is if we change the way businesses think about privacy more generally. the conversations about privacy have to shift away from “what do we have to do about this privacy business” to “what do we have to do to make privacy our business.” That change is what GDPR was meant to inspire, but it has not materialized, even a little, as of yet. It’s more than just privacy by design, although PbD is absolutely essential. The real change is when businesses and individuals alike recognize that privacy doesn’t destroy the ability to deliver goods and services to individuals: we all bought things before our IoT toaster spied on us, we’ll continue to do so if the surveillance stops.

This year, we’ll spend a fair amount of time talking about strategies for doing that, including promotion of verified answers, identifying sources of truth and trust, and delivering on easily-made privacy promises. For now, though, it starts with speaking the same language when it comes to privacy. When that happens, I’d be very interested in hearing what Facebook has to say.

“Nervous? Who’s nervous? I’m not nervous.”

Originally published at https://wardpllc.com on January 9, 2020.

The Startup

Get smarter at building your thing. Join The Startup’s +788K followers.

Sign up for Top 10 Stories

By The Startup

Get smarter at building your thing. Subscribe to receive The Startup's top 10 most read stories — delivered straight into your inbox, once a week. Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

James J. Ward

Written by

Privacy lawyer, data nerd, fan of listing three things. Co-author of “Data Leverage.” Nothing posted is legal advice/don’t get legal advice from blogs.

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

James J. Ward

Written by

Privacy lawyer, data nerd, fan of listing three things. Co-author of “Data Leverage.” Nothing posted is legal advice/don’t get legal advice from blogs.

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +788K followers.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store