Facebook Founder and CEO Mark Zuckerberg has made public his confusion and frustration over “repeated reports” of government spying. In calling on the U.S. government to “be the champion for the Internet, not a threat,” Zuckerberg said, “They need to be much more transparent about what they’re doing, or otherwise, people will believe the worst.”

And Zuckerberg knows a thing or two about struggling to maintain user trust. Facebook has faced many trials as its privacy policies and services have changed over the last 10 years.

Transparency for a company like Facebook, one predicated on users sharing personal information with one another, is a huge part of maintaining such trust. This same notion was explained in more detail at the IAPP Global Privacy Summit by Facebook Chief Privacy Officer, Policy, Erin Egan.

Set in a room filled to the brim with Summit attendees, Egan shared some of her insights into being the CPO for, perhaps, the most scrutinized and identifiable social network in the world in a conversation with Center for Democracy and Technology President and CEO Nuala O’Connor, CIPP/US, CIPP/G.

Facebook CPO, Policy, Erin M. Egan, and interviewer, Center for Democracy & Technology President and CEO Nuala O’Connor, CIPP/US, CIPP/G

“Transparency is huge,” she said. “I spend a lot of time on what we call data literacy: making sure people understand the data that is being collected about them.” This is something “Mark” talks a lot about at Facebook, she said. Helping users understand what data is being collected about them establishes trust, or as Egan said, “at its essence, it’s understanding.” One step she has taken to bolster transparency, for example, is Facebook’s “Ask Our CPO” feature.

Egan is not alone at Facebook with such a heady privacy task. She’s one of two CPOs—both created after the company settled with the Federal Trade Commission in 2011 for privacy violations. As the outward-facing privacy officer in charge of public policy, Egan travels around the world building relationships and with an ear to the ground. She recently spent three months with academics in Europe to better understand the cultural differences and data protection developments in a region that considers privacy to be a fundamental human right. She also pays attention to other developments in privacy, including the NTIA multi-stakeholder meetings on facial recognition and the White House’s Big Data initiative.

And her focus has not only been on the U.S and EU. India, which just announced plans for a new privacy regime, is one of the network’s fastest growing markets, closely followed by Latin America and several Asian countries.

By having a finger on the pulse of the meta-privacy world—one looking five, 10 years into the future—she is then able to feed the inner teams at Facebook the larger privacy developments and trends to better inform product development. Her colleague and counterpart, Chief Privacy Officer, Product, Michael Richter, works within the company, training employees and developing new services and products. Together Egan and Richter help lead a cross-functional team, she said, one that meets about three times a week to hash out the latest and greatest.

And meet consistently, they must.

As social norms change almost in real time and as larger swaths of human-level data are collected on its network, Facebook resides at the forefront of a lucrative, tempestuous and unpredictable Big Data ecosystem. Egan argued the Big Data implications are hugely important and valuable to society, citing the work of the UN Global Pulse. Though, she said, Facebook is not yet at the point of solving such lofty problems as feeding the world’s poor, there’s room for optimism. However, Facebook’s closely guarded database faces many critics, who point out the potential harms that lie therein, from facial recognition to behavioral targeting to perhaps something yet unknown.

But users should be aware of what they’re sharing, and, Egan said, Facebook tries to make sure that is accomplished.

“At the end of the day, you’re going to Facebook to share and connect,” Egan said. “So what does privacy mean? Do people understand what’s going on? If we think they don’t,” she answered, “then we’ll call it out.” She said Facebook is constantly tuning and building user controls. “You can delete, change your audience, search in bulk,” she said. “Privacy is the word we all use, but we’re really in the business to maintain trust.” And really, in some respects, Egan is more like a chief trust officer.

Additionally, there’s no single type of transparency, she allowed, but rather, “different concepts.” Of course, there’s the standard long-form privacy policy, or as Facebook has it named, its data-use policy. But, Egan said, the company wants to convey the relevant message into shorter policies. “For us, it’s making sure people understand the policy. We are thinking about other ways to bring that data literacy out,” she said.

“If people are surprised,” she added, “that’s not good for me.”

Another path Facebook is exploring is the use of icons. For instance, she said, a cloud pops up when a user is about to post something publicly. And as the company keeps up with the mobile sphere, the literacy of icons becomes significantly more important. Long-form policies are unreadable on a big screen, let alone a mobile device, but Egan remained optimistic about the use of icons, noting that everyone now knows the recycling icon.

She also said Facebook is exploring other ways to be more transparent and provide user control, particularly in advertising. She noted the company has a set of advertising guidelines that companies must follow. “If a company wants to sell medical devices,” for example, “then they have to comply with applicable law. Full stop.”

Data literacy has a role here as well, she said, noting Facebook wants to educate users on why they receive the ads they see. “We have icons and controls to tell them why they are getting that ad. We want them to be relevant.” She also said if an ad on Facebook is based on information not from Facebook, a link is provided to the source. Egan also noted Facebook is looking into the development of ad preference managers. Look for something in the next six to nine months, she said.

And yet, as many companies recently found out, maintaining trust after a year of National Security Agency surveillance disclosures—including evidence companies such as Facebook have been compelled by law to share user data with the government in bulk, or in some cases, have had backdoors allegedly installed into servers—is not always in the hands of the private sector. Facebook, along with Twitter, Apple, Yahoo, Google, Microsoft and others have been vocal in calling on the government to allow for more transparency.

Egan said she was in Europe at the time of the earliest Snowden leaks last June. “It was a big deal for all companies,” she said. “We had never heard of the allegations that were being made.” She said the company had never heard that there were backdoors into their servers until the leaks. In response, Zuckerberg vociferously maintained the company only does what is lawful and had “never been part of any program to give the U.S. or any other government direct access to our servers.”

And though the government argues what it has done is legal, many, including Zuckerberg, maintain it’s not the safest and most secure. “So it’s up to us—all of us—to build the Internet we want,” he wrote on March 13, adding, “I’m committed to seeing this happen, and you can count on Facebook to do our part.”

Whether you do or not, Facebook is counting on that trust and hopes its consumers aren’t thinking the worst.

Written By

Angelique Carson, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»