The blogosphere has been abuzz lately about Facebook’s new privacy settings, but lost amid all the noise is Facebook’s implementation of a new user-friendly privacy policy.

For those who haven’t been paying attention (or who haven’t logged on to Facebook lately), Facebook’s 350 million users are being asked to refine their privacy settings with a new software tool that allows users to dictate who has access to each category of content the user uploads to the website. Critics have slammed the updated privacy settings in large part because of certain personal information that is deemed public to all Facebook members: your name, city, gender, photograph, your lists of friends and “fan” pages, and networks to which you belong. Facebook is also being criticized for the default privacy settings, which would allow a user’s status updates and other content to be shared with anyone on the internet.  On December 17, 2009, the Electronic Privacy Information Center (“E.P.I.C.”), joined by nine other privacy and consumer organizations, filed a complaint with the Federal Trade Commission asking for an investigation into these changes, which the complaint describes as “unfair and deceptive trade practices.”

Lost amid this public outcry is Facebook’s recent move to a more user-friendly privacy policy. To comply with California’s Online Privacy Protection Act, operators of websites or online services that gather “personally identifying information” must conspicuously post their privacy policies online. This policy must (1) identify the personally identifying information the site or service collects and with whom it shares that information, (2) describe any available process by which a user may review and/or request changes to the personally identifiable information collected, (3) describe the process by which the site or service notifies users of material changes to its privacy policy, and (4) identify the policy’s effective date.

The problem with most privacy policies designed to comply with California’s law is that, generally speaking, privacy policies are dense and full of legalese. In the context of the federal Gramm-Leach-Bliley Act (“GLBA”), regulators have recognized that hard to read privacy policies are not helpful to consumers, and have taken steps to encourage more user-friendly privacy policies. (See our November 20 post regarding GLBA privacy notices here.) Facebook has responded to these concerns by adopting a completely rewritten privacy policy designed to make its policy more accessible and easier to understand.

For example, Facebook’s new policy includes a bullet point summary of key points at the beginning of the policy followed by section headings that allow users to jump to particular areas of the policy. Complex legal terms have been replaced throughout the policy by more basic language, with hyperlinks to pages containing more detail on key terms or issues. On Facebook’s company blog post detailing the new policy (available here), the company commits to adding additional definitions of key terms, screen shots of important pages, and “learn more” video content.

It isn’t hyperbole to say that Facebook’s privacy policies are subject to more public critique and impassioned criticism than any other in history. Regardless of your position on Facebook’s new default privacy settings, Facebook’s revised privacy policy is a step towards providing its users with clarity regarding how the information its users share is gathered and used. More importantly, the move toward a simpler online privacy policy is likely a sign of things to come in the Internet business community.