Sophos Cloud Optix
On Friday morning, Tonia Ries was dismayed to find, upon logging into her Klout page, that Klout is now listing her son as a person whom she influences.
Tonia Ries wrote about this for The Realtime Report, which reports on social media business and realtime marketing case studies, campaigns, research and statistics at TheRealtimeReport.com. In other words, and I mean this in the nicest possible way, since all of us bloggers fall into this same category, she’s a media wonk. She’s someone with a following whose business it is to make information public.
Because her son commented on one of Ries’ Facebook posts, he inadvertently stepped into this public realm where pundits live.
In other words, a young adult who has no Twitter account and goes to great pains to manage his online privacy now has a Klout profile.
This was all done, per Klout and other influence measurers’ modi operandi, without the profile subject’s permission, without his knowledge, and without a particularly healthy chance of his being able to opt out or deactivate his profile, because that is simply not the Klout way.
It’s not that Klout doesn’t talk the privacy talk. It’s not like Klout doesn’t pay lip service to our supposed ability to delete our Klout accounts. We have Danny Brown to thank for the knowledge of how futile it is to trust that Klout will follow through, however.
Brown, co-founder and partner at Bonsai Interactive Marketing, wrote to Klout months ago requesting that his profile be deleted, per Klout instructions.
Here’s what Klout Marketing Manager Megan Berry told him back in August when he tried to delete his account:
“Klout collects public data in order to measure influence,” Megan wrote. “It is similar to how Google crawls websites in order to display them in their search results. We don’t display any information that isn’t available publicly on your Twitter profile and we do not collect any private data without your explicit permission. If you don’t wish your data to be public, you can look to your privacy setting on that network in order to change it.
As Klout states in its FAQ, “Klout collects public data in order to accurately measure influence. Users can control the data available to Klout by changing the privacy settings on individual networks.”
Oh, really? In which case, one would assume, one could adjust Facebook settings so Klout “will never access your private data unless we have explicit permission,” as the FAQ continues.
It sounds reasonable. It sounds like it would be easy to opt out, right?
No. As Danny Brown has demonstrated, it’s not easy to delete your Klout profile.
And as shown by myriad legal actions, Facebook is clinging to our private data even after users supposedly delete it. This has come to light most clearly in the complaints brought by Max Schrems against Facebook in the Europe vs. Facebook privacy war. Schrems found, after getting curious about what data Facebook was retaining on him, that it was, among other things,
-
* Retaining data on pokes after a user removes them.
* Collecting data about people without their knowledge, using it to substitute existing profiles and to create profiles of non-users.
* Using tags without specific user consent.
* Gathering personal data – e.g., via its iPhone app or the “friend finder” – and using it without the consent of the data subjects.
* Retaining posting data after user deletes.
(For the full list of 22 complaints, see Kim Cameron’s Identity Weblog.)
As for Ries’ son, he apparently got caught up in Klout’s net because of Facebook’s recent platform changes – namely, the one that allowed users to specify whether their posts were visible just to friends or public or some combination of the two. As Ries describes it, whatever you used for your last post becomes the default for your next post.
“As a result, my Facebook posts are set to be visible to the public,” Ries wrote. “And when my son recently commented on one of my Facebook posts, so was his comment – and Klout used that comment to find him and create a profile on him.”
This should be disturbing to any parent. The Facebook page for Ries’ son won’t turn up if you run a Google search on his name + Facebook, nor via searching on Facebook search unless you have ample personal data on him.
But now, Ries says, “you can easily find him via a prominent link from the Klout profile of a relatively public person.
“I’m not a legal expert, or a privacy expert, so I have no idea whether laws are being broken here,” Ries writes. “But the idea that, just by virtue of the fact that he commented on my post, I am now exposing him, a link to his Facebook profile, and the information that Klout is pulling on his social graph – all in a far more public and visible manner than he would ever chose to agree to – is extremely disturbing to me.”
There are very good reasons not to participate in Klout. As Danny Brown rightfully points out, some companies are basing ill-conceived hiring decisions on Klout scores:
"If someone has a low score because they don't know they're on Klout, and get passed by for a job even though they're the best qualified, that makes your system screwy (it also doesn't say much for the research angle of the company in question)"
What does it take to get a low Klout score? Perhaps a low level of impact. Or perhaps a simple lack of willingness to make all your networks public so they’ll feed the gullets of Klout et al. Does that make you inconsequential?
In fact, when I was going back and forth with a client within the past year, the client requested all contributors’ Klout scores. That was the first time I paid any attention to it. I didn’t expect mine to be big. It wasn’t. It was an ignominious 22 out of 100.
Was it because I didn’t influence anybody? Well, no, more like I didn’t give a rat’s ass about Twitter. I still don’t, and I’m currently enrolled in a class on social media to try to turn my head around about that. Because I’ve dragged my recalcitrant self into occasional Tweeting, my Klout score had doubled as of a few days ago.
Who cares? My clients. People like Ries and me don’t have much choice to participate in this game, because influence is the coin of the media realm.
Does that mean that Ries’ son, assumedly a person unsullied with the taint of the pundit’s need to display influence on others, has no say in getting dragged into the public arena? Should anybody’s child be dragged into that arena without explicit opt-in?
No. And the least we can expect is that the ability to opt-out is uncumbersome and speedy: far speedier than the months that have dragged on for Danny Brown.
Marian Heath, who manages family safety for Facebook, has responded to an All Facebook blog entry to say that Facebook is investigating the issue:
"To be clear, what you describe is not a bug, this the way public comments have always worked on Facebook. We think it's important for adults and minors alike to be aware that comments made in public spaces—on Facebook, elsewhere on the Internet, or indeed anywhere in the offline world—are, in fact, public. In particular, we spend a lot of time educating teens about how they represent themselves online and ensuring that they understand how to use our tools to control what they share. Separately, we're investigating the company mentioned here to be sure that they are in compliance with our Terms of Service."
It sounds kind of like blaming the victim, doesn’t it? Because unless a kid explicitly opts out, let’s face it: that kid is getting sucked in, whether he/she/the parents want it to happen or not.
Hi
As I already published at Tonia and Danny blog, Klout permanently deleted my profile at my request. I used the Eu Data Privacy Directive, article 7, to achieve this.
If you so wish you can replicate parts of my post or its entirety under a CC License by. The instructions can be found here http://thezargon.org/googleplus/
Lisa – thank you for writing up such a well-rounded, in-depth article on these issues. There are many applications that track far more personal data than most people realize. But Klout then uses that data to create a public and personally-identifiable profile for an individual–and that's where the level of accountability needs to step up beyond simply saying they "do not collect any private data without your explicit permission." (and – commenting on a public post is a very narrow way to define "explicit permission.)
It is also untrue for them to say that they "don't display any information that isn't available publicly on your Twitter profile." They create and display a score. Many "social media experts" have a lot of anxiety about their score. Imagine what will happen when a bunch of 9th-graders start comparing Klout scores.
I hear you on that, Tonia! I don't have kids myself, but my memories of high school are that it was pretty much a collection of self-conscious Klout scores walking around in human form. Thanks for bringing the issue to light, and thanks for delineating the accountability issues, and most particularly thanks for underscoring how disingenuous are Klout's claims. And p.s., I forget where I saw the comment, but somebody suggested that Klout could simply put up a page saying that a given person's profile is unavailable. How hard could that possibly be to work into the technology?
Good Morning Lisa. This specific topic is getting a lot of playtime of late. By no means should Klout be pulling info from anyone that is younger than 18. My guess here is the minor doesn't have their birthday in their FB profile and the API pulls the info as a default if no birthday. Thus Klout pulled the data. FB is as much to blame if we want to point fingers.
If Privacy is high on one's list, especially their kids privacy, maybe staying off-line is the solution. If my kids wanted a FB account and I was highly concerned about privacy, FB is the last place they would be registered. Today whether we like it or not, we give up some privacy the minute we register to any Social Network. It's the reality of today. If we want to participate in the game, you put yourself out there no matter what the privacy settings. We can't have it both ways. It's the nature of the beast.
Have a great weekend…
Thanks for the input, sbhsbh. I agree that it's the nature of the beast, and I agree that anybody (not just kids) who's concerned about privacy should stay the hell off of FB. That doesn't let FB off the hook when it comes to misrepresenting what information they collect and retain, which is why I'm very interested in seeing the results of the Europe v. Facebook complaints I mentioned in the post. Is there a site that specifically tracks the legal entanglements in which these social networking sites are embroiled? Does anybody know? I have to get in touch with EPIC and ask a few other questions… I'll share whatever I find out…
Happy weekend!
Lisa
Actually it is fairly easy to have Klout delete your account permanently. It took them less than 2 days to do it for my account: you just have to threaten them with a Cease & Desist order. Apparently Klout knows that what they are doing is wrong, and illegal in the European Union under the Data Privacy Directive (article 7).
I wrote a post explaining how any user can have they account removed from the service: http://thezargon.org/googleplus/2011/10/how-to-ge…
Please feel free to replicate the whole of parts of it. I think that users should know that there is an option regarding this issue.
But what is you’re in the states? I’ve been trying for almost 48 hours and sent them 5 emails and have gotten NO response!
I believe that the DPD doesn't actually care where you're located — they just care about the data handling practices of the company that does business in the EU. As such, you can still quote the DPDa7 — although you'll have a harder time actually prosecuting, as you'll have to get the attention of someone in the EU and get them to care about your case if Klout decides to ignore you anyway.
Facebook is pretty bad with security.
Here's something for you guys to look over:
Even if someone has their friends list on private, if you try to add them, it will bring up a page that says something like "You may also know these people", and all of their friends will be listed their regardless of whether they're private or not.
Thanks for posting the link. Now, what did you do that Danny Brown didn't? Are you in the E.U.? That Data Protection Directive you have over there really seems to have some muscle to it. I mean, it seems to get the social network companies' attention pretty effectively. Do you think that might have made the difference? I keep wondering what laws we have in the USA that compare to the EU directive. Yo, readers, please go check out fjfonseca's posting if you want to kill your Klout profile. Good stuff.
Scary!! I’ve commented on some posts and don’t know if they were public or not. How would I go about finding out if Klout has made a profile on me without having to sign up for it???
A Klout advert right in the middle of the article. How meta.
Not an advert methinks, but a screenshot.
…what's the difference? 😉
Lisa – thank you for writing up such a well-rounded, in-depth article on these issues. There are many applications that track far more personal data than most people realize. But Klout then uses that data to create a score and post it on a public and personally-identifiable profile for an individual. That's where the level of accountability needs to step up beyond simply saying they "do not collect any private data without your explicit permission."
The simple important point here is that if your not happy to share your information then don't put it online in the first place.
While that is true, communicating online is become more of a 'standard' lately, where people try to use the pirvacy settings to the best effect to shield themselves from the public eye. Such online environments do often tell that discussing privately is possible by using the right options – but this just isn't the case.
I do think that it would be good to understand that public and semi-public environemtns should not be used by childern yet, because they are dangerous in many ways. facebook may seem fun and ok, but let's face it – that stuff never goes away. And 10 years later an employer can find the worlds that the prospective employee types when he was 13 years old. And we all know that tennagers just aren't always mature on the internet.