I have one question about California’s proposed Social Networking Privacy Act: Why not focus more on education than restriction, as it becomes clearer from the research that young people care deeply about their privacy online and have nuanced privacy practices of their own (see a blog post on this by researcher danah boyd). Media literacy instruction in school needs to include discussion about best practices in new media, about traditional privacy views and norms, and about how those norms are changing (see this draft paper from researchers danah boyd, PhD, and Alice Marwick, PhD: “Social Privacy in Networked Publics“).
I have no problem with a privacy default, but it shouldn’t be so restrictive, as in this legislation, as to “prohibit the display, to the public or other registered users, of any information … other than the user’s name and city of residence.” In Facebook, that would mean all other information being relegated to the “Only Me” category of the privacy settings, it appears to me. That would be like taking the “social networking” out of “online social networking,” which makes me wonder if the authors of this legislation have used a social network site or have children. A more logical default for minors would be for information besides name and city to be visible to “Friends Only,” which Facebook already imposes for minors’ use of its geolocation service, “Places” (though not the rest of its services), and which the EC may at some point require for social networking in general by European minors (see this). And there are problems associated with making distinctions between adults and minors in privacy legislation. If a law says, as this one does as of this writing, that – “in the case of a registered user who identifies himself or herself as being under 18 years of age, the social networking Internet Web site shall also remove the information upon the request of a parent of the registered user” – the law would further encourage young users not interested in parental interventions to lie about their age. I sincerely hope legislators are looking at the research. If their efforts are based on an oft-repeated assumption that posting personal information online is in itself inherently dangerous, they might consider the 2007 conclusion published by researchers at the Crimes Against Children Research Center in Archives of Pediatrics that it isn’t.