Facebook's new terms and data policies: 4 things to check

Facebook says it wants to be "black and white" in explaining to consumers about how its products work. But the latest changes to its policies for handling user data may leave many scratching their heads. 

The social media giant, which on Wednesday issued updates of its data policy and terms of service, isn't changing what the company collects from its more than 2 billion users; nor is Facebook overhauling its privacy policies. But the latest statements from Facebook do shed light on how much data it collects on you and how that information is shared with other services. 

For anyone concerned about privacy, it doesn't make for comforting reading. The data policy now specifies that third-party apps, like games or quizzes, can receive comments or links you send from the app on Facebook. Such apps may also access your public profile and any information you share with them. And information gathered by those apps isn't subject to Facebook's terms and policies, but rather by the apps' own standards. 

"Facebook has made substantial progress, but whether it's clearer I'm not so sure," said Ilia Kolochenko, CEO of web security company High-Tech Bridge.

He added that consumers must be aware that when they use a free service like Facebook, their data will be used for commercial purposes. "Facebook has to pay for cloud services, storage, security," he said, noting that selling ads based on consumer information is at the heart of their business model.

Something else worth noting: Facebook's changes are only proposals. The company said it will solicit comments for seven days before making its new terms and data policy official.

Still, consumers can get a better idea of how Facebook is using their data -- and of what information is being collected in the first place -- by taking a few steps:

Read through Facebook's new data policy and terms

Yes, it's boring -- do it anyway. Kolochenko said that most consumers don't bother to read through data and terms of service statements, which can lead to misunderstandings about how your data is used. Facebook's data policy can be found here and the terms can be found here

Make a note of what doesn't make sense or might be unclear. If you have questions or feel the policy doesn't clarify how your data is used, provide feedback to Facebook through this form

Run a diagnostic on your privacy settings

If you can't remember your privacy settings for Facebook posts, apps or your profile, it's a good idea to run a privacy checkup. 

That can be found by clicking on the question mark icon at the top of your Facebook page. One of the choices is "Privacy Checkup." The service will walk you through your settings, including allowing you to delete third-party apps or disable them from accessing your friends' data. 

You may have forgotten how many third-party apps have access to  your data. For instance, this reporter ran a diagnostic and found that a quiz app called "There/Their/They're Test" (yes, just the type of test a journalist might jump on) had access to her personal information. Even after deleting the app, Facebook informed me that the test may still have my information. 

Download your Facebook data

This takes a few minutes and tells you what data the service has collected on you. It can help you get a sense of what you're sharing, and how comfortable you are with that information being accessible to Facebook, as well as to advertisers. Although Facebook doesn't sell raw data, it's targeting you with ads based on what you share with them. You can find the service here.  

Don't forget Instagram and WhatsApp 

One change in Facebook's data privacy statement was the acknowledgment that it shares data with its other services, Instagram and WhatsApp. Because of that, it's also important to review your data settings for those services. 

Facebook doesn't specify what types of data it might be sharing between the photo-sharing and messaging services. It provides only one example for WhatsApp, saying that it shares data about spam. But language of the data policy makes it unclear if it shares more than that.