Facebook is updating its data use policy in an attempt to give people more clarity on how the company uses information they share.
As part of the changes, Facebook is also signaling that it may start showing people ads on sites other than Facebook, targeting the pitches to interests and hobbies that users express on Facebook.
The move comes a week before Facebook Inc.'s expected initial public offering of stock. Facebook held events with potential investors this week, including one in Silicon Valley on Friday, and it has posted a version of its road show online. The offering could value Facebook at nearly $100 billion — more than Kraft, Ford and other major brands.
The policy changes are in response to an audit by Irish data-protection authorities last year, Facebook said Friday. The commission had asked Facebook to be more transparent about how it collects people's data and uses it for advertising, as well as how long it keeps such information.
Facebook plans to notify its more than 900 million users of the changes through advertisements around the site and on its mobile apps. Users who want to dig deeper can read a version of the policy that highlights the changes word by word. Erin Egan, Facebook's chief privacy officer, will host an online chat Monday to answer any questions.
Egan said the company wasn't substantially changing its business practices, but wants to "err on the side of providing too much information." (An explanation of the changes is here.)
Facebook's overseas headquarters are based in Dublin, Ireland, a member of the European Union. This means the company is required to comply with European data privacy laws. Facebook said the changes were also a response to feedback from its users.
As part of the changes to the policy, Facebook has created a section to explain how it uses technologies such as cookies to deliver ads, secure the site and offer various features. Cookies, which are small files containing data or alphanumeric IDs, are commonly used to track people's activities around the Web, for example. The information could then be used to target ads to their hobbies and interests.
The changes also incorporate updates that Facebook has made to its site since its previous policy revision announced in September. This includes reorganizing people's profile pages in a "timeline" format and adding an "activity log" that lets people see everything they've done on the site, as well as who can see it. The "cover photo" people put on their timeline is considered public information, along with their gender.
Facebook also has given itself more leeway on how long it keeps information it collects. Before, it has typically kept such data for 180 days. Facebook said it will now retain data for "as long as it is necessary to provide services." This could be longer or shorter than 180 days.
For example, if a company creates a "page" for its brand, Facebook said it wouldn't delete the information put there "simply because 180 days had passed."
"Instead, we would delete it when it was no longer needed — when the page owner deleted it or closed its account," Facebook said.
Some of the changes give a glimpse of what Facebook might do in the future. Though it doesn't currently show people ads outside of Facebook.com or its mobile apps, the updated policy gives it the option to do so. This is something other companies, such as Amazon.com Inc.'s Zappos.com, already do. For example, people who click on shoes while shopping on Zappos might see the same shoes pop up in ads elsewhere, even if they are not logged into Zappos. This is what cookies do.
Justin Brookman, director of consumer privacy at the nonprofit Center for Democracy and Technology, said Facebook hasn't been very explicit about this possibility before, "but now they seem to be calling it out."
While such ads may "creep people out," he added, it doesn't mean the company would be collecting more information about users than it already does. It's also a new revenue source.
Jules Polonetsky, director of the Future of Privacy Forum, an industry-backed think tank in Washington, said Facebook's overall data use policy is "a really interesting document" that teaches users how the service works — sort of like a user's guide.
Most privacy policies read like legal documents, though there are other exceptions, such as Google Inc.
What's more useful, Polonetsky said, is to give users advice and options at the time that they need the information. Facebook already does this in many cases. For example, when users post a status update, they can decide whether that will be visible to their friends or to the broader public.
"That's how people are really going to learn," he said.