The policy changes come a week after the social network gave its privacy settings a makeover.
The company on Wednesday unveiled the revisions as it faces one of its worst privacy scandals in history. Although Facebook says the changes aren't prompted by recent events or tighter privacy rules coming from the EU, it's an opportune time. CEO Mark Zuckerberg is also set to testify before Congress next week for the first time.
Almost always, critics say, the changes meant a move away from protecting user privacy toward pushing openness and more sharing. On the other hand, regulatory and user pressure has sometimes led Facebook to pull back on its data collection and use and to explain things in plainer language — in contrast to dense legalese from many other internet companies.
Among Wednesday's changes: Facebook has added a section explaining that it collects people's contact information if they choose to "upload, sync or import" this to the service. This may include users' address books on their phones, as well as their call logs and text histories. The new policy says Facebook may use this data to help "you and others find people you may know."
The previous policy did not mention call logs or text histories. Several users were surprised to learn recently that Facebook had been collecting information about whom they texted or called and for how long, though not the actual contents of text messages. It seemed to have been done without explicit consent, though Facebook says it collected such data only from Android users who specifically allowed it to do so — for instance, by agreeing to permissions when installing Facebook.
Facebook also adds clarification that local laws could affect what it does with "sensitive" data on people, such as information about a user's race or ethnicity, health, political views or even trade union membership. This and other information, the new policy states, "could be subject to special protections under the laws of your country." But it means the company is unlikely to apply stricter protections to countries with looser privacy laws — such as the U.S., for example. Facebook has always had regional differences in policies, and the new document makes that clearer.
Other changes incorporate some of the restrictions Facebook previously announced on what third-party apps can collect from users and their friends. For example, Facebook says it will remove developers' access to people's data if the person has not used the app in three months. Access by apps is under scrutiny following allegations that political consulting firm Cambridge Analytica improperly obtained data on millions of Facebook users through an app that claimed to be a research tool.
Facebook CTO Mike Schroepfer wrote Wednesday in a blog post: "In total, we believe the Facebook information of up to 87 million people — mostly in the U.S. — may have been improperly shared with Cambridge Analytica."
The policy changes come a week after Facebook gave its privacy settings a makeover. The company tried to make it easier to navigate its complex and often confusing privacy and security settings, though the makeover didn't change what Facebook collects and shares.
Those who followed Facebook's privacy gaffes over the years may feel a sense of familiarity. Over and over, the company — often Zuckerberg — owned up to missteps and promised changes.
In 2009, Facebook announced that it was consolidating six privacy pages and more than 30 settings on to a single privacy page. Yet, somehow, the company said last week that users still had to go to 20 different places to access all of their privacy controls and it was changing this so the controls will be accessible from a single place.