Ireland’s Office of the Data Protection Commissioner has found Facebook Ireland to be compliant with Irish and European Union law, and has reached an agreement that gives users even more control over privacy in the next six months.

The commissioner completed a three-month audit of Facebook Ireland following a formal complaint suggesting the social network was creating “shadow profiles” of non-users. Because Facebook’s international headquarters are located in Ireland, the commission there oversees the company’s legal compliance for all users outside of the United States and Canada. The audit found “positive approach and commitment” by Facebook Ireland to respect users’ privacy, but made several recommendations that the social network has committed addressing before a follow-up audit in July 2012.

These recommendations include increased control over tagging features, an update to the data use policy, sooner deletion of user and non-user data and more transparency and control over how personal data is used in advertising on the site.

With regard to “shadow profiles,” the commission determined though Facebook receives some non-user data, it is not being used to build profiles of those people. The report also states that the social network is “now taking active steps to delete any such information very quickly after it is received.”

The findings of the report are overall positive for Facebook, which many people mistrust because of the massive amounts of data it collects and new features that force users to opt out rather than opt in. How the company addresses individual recommendations from the commissioner remains to be seen, but it appears to be willing to make concessions on certain features to give users more control and satisfy watchdog agencies. According to a press release from the commissioner, “Taking a leadership position that moves from compliance with the law to the achievement of best practice is for Facebook Ireland to decide but if it continues to display the commitment I witnessed throughout the audit process it is certainly achievable.”

Last month, Facebook settled charges with the U.S. Federal Trade Commission so that any sharing-related privacy changes will now be up to users to opt into. This was in response to an action Facebook made in 2009, which forced all users to make some information public, including name, profile photo and list of friends.

The full report from the Data Protection Commissioner is available here. The social network responded to the report in a note on its Public Policy Europe page.

Facebook, Greenpeace Agree on Energy Policy – Facebook and Greenpeace have come to an agreement this week on the promotion of green or renewable energy the social network uses to operate. [Photo via Facebook]

Facebook Updates JavaScript - Facebook announced in a blog post this week that JavaScript SDK changed to OAuth 2.0.

Involver Reports Facebook Marketing Adoption – Involver reported this week, in infographic form, that businesses are adopting Facebook as a marketing tool at faster rates.

Facebook Compiles Top Political Articles of 2011 – In a note on the U.S. Politics on Facebook page, the social network listed the most popular political news articles of the year based on Facebook shares, posts and use of social plugins.

Developers Attend Social Games Hack at Facebook – Developers GameHouse, Tien Len, Attributor and GameFace.me took home prizes for the most innovative hacks at Facebook Games Hack, an event aimed at educating developers on Open Graph integrations.

Other Announcements:

Ticketfly Raises $12M -  Ticketfly reported this week that the company released an integrated in-app Facebook app to allow vendors to sell tickets right on Facebook.

Buddy Media Launches Power Your Connections Contest – Buddy Media launched the Power Your Connections Illustrator contest this week, inviting artists to design their own interpretation of the art of connections, as in social media connections. The prize is $5,000, a feature in Buddy Media’s campaign and a showcase at SXSW.

Airline to Let Passengers Choose Seatmate Using Online Profiles – KLM Royal Dutch Airlines is launching “meet and seat,” a way to view Facebook or LinkedIn profiles of the people you could sit next to on your flight.

Facebook is prompting some users to tag the location of their past photo albums.

A module on the top left of some Facebook pages offers a suggested place page based on the plain text location included in an album’s description, asking “Was this taken at [location]?” If a user clicks “Yes,” the album’s location will link to the appropriate place page and the album will appear on the Map feature of the new Timeline.

This action builds more links between users’ online activity and offline whereabouts, which could have implications for ads and other Facebook services. The change also helps venues or businesses whose pages could see more activity as a result of being tagged.

Although Facebook discontinued Places as a singular product on the platform, the company has since integrated location into several features. In August, Facebook introduced the option to tag photos, status updates and Wall posts with location. At F8, Facebook previewed a map section as part of the new Timeline profile.

By encouraging users to include location with the content they add and have added in the past, Facebook can create richer profiles of its users. This location data could be applied to influence Edge Rank and ad targeting.

Facebook is close to settling charges by the Federal Trade Commission that it deceived users about privacy changes, The Wall Street Journal reports. The settlement would “require Facebook to obtain ‘express affirmative consent’ when it makes ‘material retroactive changes’” to private user data. In other words, sharing-related privacy changes will now be up to users to opt into — Facebook won’t be able to force people to either make more data available, or have to “opt out” of using Facebook.

The specific issue is that Facebook changed its privacy policies in late 2009, forcing all users to make some information public that it had previously said would not be made public. Until that point, Facebook’s policy had said that “you choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the Privacy page.”

That November, it announced that some of this information – profile name, profile picture, list of friends, current city, gender, networks, and Pages — would be made public as part of a privacy policy change. And it was, that December, causing an outcry among some users and privacy advocates, and getting the FTC’s attention.

While both the November policy change and December product update stated what the changes were, many users still didn’t comprehend what was going on — especially because Facebook had not previously told them to expect such changes. Further issues, like Facebook making all Liked Pages public in April of 2010, or more recently offering a face-targeting service, have added to the perception among some that Facebook is not prioritizing privacy.

The settlement, which Facebook isn’t commenting on right now, appears to create new limits around what Facebook might launch in the future. It would be precluded from doing anything like that December 2009 product change, for example. In addition, Facebook will be subject to independent privacy audits for the next 20 years, although it’s currently unclear who the auditors would be or how they would hold Facebook accountable.

Facebook’s side of this story is that it has needed to revisit out the right balance of public/private as its service has evolved, and as cultural expectations around privacy have changed. When the company first launched on college campuses, the whole point was to offer a private community. Today, some use the site for sharing content more publicly.

If the FTC had acted earlier, maybe it would have precluded Facebook from creating more value for users (a key risk that the company created for itself due to its decisions). For example, if some large portion of users had chosen not to make their profile photos and names public, Facebook’s social plugins would be able to show significantly less relevant social information to other users.

But at this point, Facebook appears to have gotten its main privacy changes completed, and we’re left wondering what the FTC will have left to enforce.

Facebook’s business is built on trust, but that trust has been shaken over the past few weeks by criticism and speculation regarding how it uses browser cookies to get data about users.

A lack of thorough documentation explaining what each of its cookies does has led some observers to assume that the company is tracking offsite browsing behavior in order to target ads. Facebook needs to provide explanations for both the average user and privacy researchers about how exactly its cookies work in order to prevent these press flare-ups from giving users a negative impression and bringing on regulatory scrutiny from governments.

Some bloggers claim cookies left by Facebook and third-party sites that integrate its social plugins indicate that the company is tracking users’ web browsing behavior, then using that data to target ads in a way that violates user privacy. Facebook has refuted the claims, saying that users agree to receive the cookies and that the cookies are used to enhance site security and power the social plugins, not create a profile of a user’s offsite behavior to better target ads against.

Unfortunately for Facebook, the claims are still giving off a negative impression of the service and sparking complaint letters to government agencies from privacy advocate groups. A patent application for the company’s social plugins that included language about tracking and targeting ads has also helped fuel the controversy.

While Facebook does currently include some explanation of how it uses cookies in its privacy policy and Help Center, this information clearly isn’t complete, comprehensible, or prominent enough to deflect criticism. Facebook engineer Gregg Stefancik, who has responded to critics on blog comments, even noted “we haven’t done as good a job as we could have to explain our cookie practices.”

Facebook could have avoided much of the crises by being more transparent about it how it uses cookies. We believe Facebook should consider drawing up two dedicated documents explaining how it uses cookies and tracks offsite activity. Much like its “re-imagined privacy policy”, there could be one simple version designed for the average user and a second detailed version for privacy advocates. The company also needs to demonstrate that is doing what it says it in a way that observable by outside parties.

Cookie Criticism: The Issues to Date

Since the launch of social plugins and before, Facebook has left cookies on the browsers of people who sign up for accounts as well as anyone else who visits Facebook.com. These cookies are used to protect the site against hacking attempts and to show logged in users what their friends have Liked on third-party sites, the company has repeatedly said.

Facebook’s privacy policy says the following: “We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin). This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.”

The Help Center follows with more detail: “We use cookies to make Facebook better and easier to use, to provide you with a more personalized experience, to improve the ads that you see, and to protect you, others, and Facebook from malicious activity. We do not use cookies to create a profile of your browsing behavior on third-party sites or to show you ads, although we may use anonymous or aggregate data to improve ads generally.”

In May 2011, The Wall Street Journal reported that Dutch security researcher Arnold Roosendaal discovered that sites integrating Facebook’s social plugins were leaving cookies on the browsers of users who had never visited Facebook.com and were transmitting browsing data back to Facebook. Facebook said this was a bug and that it discontinued the practice of social plugins leaving the “datr” cookie.

On September 25th, 2011, Nik Cubrilovic wrote that Facebook was maintaining several cookies on the browsers of users even after they log out, and that these cookies include a User ID and could be used to target ads.

Facebook engineer Gregg Stafancik responded that the cookies were used for security purposes, not ad targeting, stating that “generally, unlike other major Internet companies, we have no interest in tracking people. We don’t have an ad network and we don’t sell people’s information.” He then outlined how Facebook uses its cookies:

The logged out cookies, specifically, are used primarily for safety and security protections, including:
– Identifying and disabling spammers and phishers
– Disabling registration if an underage user tries to re-register with a different birth date
– Helping people recover hacked accounts
– Powering account security features, such as login approvals and notifications
– Identifying shared computers to discourage the use of “Keep me logged in.”

He repeated that the cookie that identifies a user was the result of a bug. He noted “thanks, again for raising these important issues. We haven’t done as good a job as we could have to explain our cookie practices. Your post presents a great opportunity for us to fix that.”  The information Stefancik detailed in the comments of the post about how cookies are used for logged out users currently appears in the Help Center, although it’s unclear if it was added here since Cubrilovic’s post was published.

On September 27th, Cubrilovic wrote that Facebook had fixed the bug causing the cookie containing UIDs to be retained after log out, and that this cookie was now destroyed after log out.

On October 1st, Uncrunched published an article titled “Brutal Dishonesty” outlining how Facebook had said it does not track users, but that on September 22nd filed a patent application that includes the line “A method is described for tracking information about the activities of users of a social networking system while on another domain.” The language in the patent indicated that the information at least had the potential to be used to target Facebook ads.

A Facebook representative commented on the post in an official capacity to say that the patent merely describes how Facebook’s social plugins work to show logged in Facebook users the Likes of their friends without them having to log into Facebook again on a third-party site. The comment downplayed the idea that Facebook is currently using the data to target ads — although we don’t have a way to independently verify if it is or isn’t, or that it won’t in the future.

On October 3rd, Cubrilovic wrote that he had discovered the datr cookie was still being left by some Facebook-integrated third-party websites. In response to Facebook’s claim that it doesn’t track users, he wrote “I believe them when they say this and that they are not hiding anything, but I also believe that our definitions of tracking differ. If you set a cookie on a users machine from one website, and then read that cookie from that person’s machine from another website, that is tracking.”

Stefancik then commented on the post on the morning of October 4th to say that “as we discussed last week, we are examining our cookie setting behavior to make sure we do not inadvertently receive  data that could be associated with a specific person not logged into Facebook. We have been made aware of 2 instances in the past 2 weeks related to cookies which needed to be addressed. What you describe in this post is not a re-enabling of anything, but a separate issue involving a limited number of sites, including CBSSports. We have moved quickly to investigate and resolve this latest issue which will be fully addressed today.”

Facebook Needs Documentation to Refer to

The fact that Facebook had to comment directly on three blog posts in an attempt to debunk speculation shows there is a lack of clear documentation explaining its use of cookies. By publishing its responses as governing documents and making them easy to find, Facebook could address users’ questions before they draw their own, sometimes-negative conclusions about the company’s intentions.

We should note that a wide variety of other web companies, specifically online advertising service providers, have aggressively tracked and in many cases inappropriately used information about users, often aggregating and reselling user data without the user having any idea of what they are doing. Facebook wants to be seen as above the controversies surrounding the industry — and because so many users opt in to share their data to Facebook by joining and using the service, that claim appears to by and large be true. Yet the combination of unclear explanations, past issues, and the patent are getting in the way of its effort to explain its case.

The onus is now on Facebook to fully explain how it does and does not track users across the web and use that information back on Facebook — and prove what it says through the technology that it deploys across the web.

Facebook offers users the Download Your Information tool to let them get a copy of all their content and connections, but we’ve now learned that the site is storing additional data about users not available in this export. This data includes deleted content, rejected friend requests, removed friends, a list of all of a user’s logins with timestamps and IP addresses, and several unfilled data fields that could pertain to unreleased products.

European citizens can request for Facebook to send the a CD loaded with a .PDF of this data plus much of what’s available in Download Your Information independently or through a privacy organization called Europe vs. Facebook, as Silicon Filter reports. However, Facebook makes users fill out a complicated form and reports indicate it doesn’t always comply with requests right away.

Still, the knowledge that Facebook is storing so much data, meta-data, and deleted data on users may impact how they use the site and view the company. Facebook should consider making more of the data it holds available to each user regardless of their citizenship. Most of the data wouldn’t be valuable to competitors, but just knowing they could retrieve it might quiet the privacy and data portability concerns of some.

Critics and security researches often complain about how Facebook handles user data. Just this week, Facebook came under some partially misguided criticism about the cookies it stores on a user’s device after they log out. Nik Cubrilovic thought Facebook was using some cookies for ad targeting when they were actually to improve site security. However, Facebook did confirm a bug discovered by Cubrilovic was causing User ID numbers to be stored in cookies in some cases, and has pledged to fix this today. More transparency could reduce the frequency of these complaints.

Highlights from the Facebook Privacy Data CDs

European users who succeed in leveraging their right to access personal data about themselves receive a CD containing the following data fields:

Here we’ll look closer at some of the more interesting data fields and discuss why users might be concerned that Facebook is holding this information:

Removed Friends and Friend Requests

Last week, a guide surfaced explaining how to use a complicated process and the new Timeline profile to determine who you are no longer friends with but once were. This data is readily available in the Facebook data CD.

User     Peter Freund (2266770044)
Time     2008-06-05 23:54:03 UTC
Removed By     2266770044

Also available is the date, sender, recipient, and status of all the friend requests a user has sent or received. Users might be surprised to find out even their rejected friend requests are being stored.

Sender     Peter Unfreundlich (1122334455)
Recipient     Max Mustermann (123456789)
Rejected      true
Time      2008-08-25 06:50:56 UTC

Logins and Account Status History

The Facebook data CD includes a record of the time, IP address, and site of every time a user has ever logged in to Facebook. This data may be deleted by Facebook after some time. As there is no record of visits or time-on-site, this is the closest users can get to finding out how frequently they’ve checked Facebook. Also available is a record of all the account activations and deactivations, which could be used to identify those especially concerned with privacy.

Ip     178.190.001.001
Time     2011-06-27 17:41:16 UTC
Site     WWW

Photos, Shares, and Wall Posts

While users can find some of this data in Download Your Information, these fields also included content users had deleted as well as lots of meta data. Shared links and wall posts that users had deleted appeared in the data CD.

It appears that when a user deletes a tag of themselves from a photo, that tag is actually only “deactivated” and may still be present in Facebook’s records. All the meta data about a photo’s location, when it was taken, with what device, and many of the device’s photo settings are also available in the data CD but not Download Your Information.

Album    Mobile Uploads
Image    [Fofo-Datei]
Titel    Picture of Max, Perta and Kurt
Photo   http://a4.sphotos.ak.fbcdn.net/hphotos-ak-snc6/123_123_123_123_123_n.jpg
Link     http://www.facebook.com/photo.php?fbid=123456789&set=a.123.123.123&type=1
Upload Ip     123.123.123.123
Uploaded     2009-04-10  13:06:43 UTC
Tags               Subject Id     123456789
                      Subject Name     Max Mustermann
                      Creator Id     123456789
                      Created     2009-04-10 17:25:23
                      X      51
                      Y      23
Comments     User     Max Mustermann (123456789)
                     Text      I love this pic!
                     Time     2009-04-10 17:28:10 UTC
Taken     2009-04-10  11:03:46 UTC
Modified     1234567890
Camera Make     Apple
Camera Model     iPhone 3GS
Orientation    1
Original Width    0
Original Height     0
Exposure    
Fstop  
Iso Speed     0
Focal Lenght    
Latitude     48.123456789012
Longitude     16.3655

Last Location

This shows the geographic location of a user’s last login to Facebook, including latitude, longitude, altitude, accuracy, altitude accuracy, heading, and speed. This data could be based on IP address, mobile phone sensors, checkins, listed current city, and more. It could be used to personalize the site’s content. It could also help Facebook identify suspicious logins that may have come from hackers, such as if a user logged in from California then soon after logged in from Russia.

Time     2011-04-16 18:51:27 UTC
Latitude     37.34688913
Longitude     121.94080227
Altitude     0
Accuracy     675
Altitude Accuracy    -1
Heading     -1
Speed    -1

Name Changes

Users are able to change their name on Facebook a small number of times. The record of different names used is not available to a user or their friends through the site, but can be found on the data CD. The information could be used to help law enforcement identify someone by a previously used alias.

Time 2010-03-19 11:48:50 UTC
Old Name Max Mustermann
New Name Max NonOfFacebooksBusiness

Credit Cards

Users who have purchased Facebook Credits will have their credit card information included in an encrypted format on their data CD. The inclusion of this data may contribute to the thorough verification process Facebook makes users undertake to attain the CD.

Profile Blurb

This field came up blank for those who posted excerpts of their data to Europe vs. Facebook. It could possibly be an old “About” section of the profile, or could indicate a forthcoming profile info section that would display introduction on the new Timeline profile design.

Physical Tokens

This field also came up blank. It could be used to list an ID number or something similar for Facebook employees who use a physical key card or security device such as RSA to enter Facebook offices. Alternatively, there’s a chance it could point to a future location product that uses near field communication-enabled devices to let users swipe to check in to Places.

On Tuesday we published the results of a study indicating that Pages that sync or auto-post their content to Facebook from Twitter or blogs using tools like HootSuite, Twitter, and NetworkedBlogs receive significantly fewer Likes and comments per posts than those that post manually using Facebook’s web and mobile interfaces.

This is partly because Facebook consolidates into a folded thread all posts from across Pages and friends in a user’s news feed that were published through the same tool, displaying a “Show x more posts from [publisher app] link”.

We’ve now learned that Facebook maintains a secret whitelist of companies that are exempt from having content posted through their publishers consolidated across different Pages and clients. This protects them from a reduction in news feed impressions. The whitelist includes some top enterprise Page management tools from the Preferred Developer Consultant program including Buddy Media, Vitrue, Involver, Context Optional and Syncapse. Facebook has forbidden those included from discussing the existence of the whitelist. Facebook has confirmed with us that “trusted partners” are having their posts treated differently.

Since consolidation negatively impacts Page post engagement and other key performance indicators, brands have to consider using whitelisted publishing tools. If they aren’t already, they should out of necessity either ask their Page management solution provider about gaining admission to the whitelist, or switch to a tool protected from consolidation. Overall, the surfacing of the consolidation whitelist may anger developers not on it, and push Facebook to change its policy on whose posts are consolidated.

Here’s some more context on what’s happening. In order to gain the maximum exposure, clicks, and other key performance metrics from publishing to the news feed, Facebook Pages need to optimize their EdgeRank, or prominence in the news feed. To do so, they need to consistently publish compelling and widely seen updates to draw Likes and comment that improve their EdgeRank.

However, Facebook has an automated system in place originally designed to collapse flurries of posts published by users playing spammy social games. That system causes any posts present in a user’s news feed that were published by an API publishing tool with a same App ID, whether from one or many Pages or users, to be consolidated into threads that show one post but require users to click to unfold and view the rest of the posts. Since users don’t always unfold the threads, consolidation reduces the impressions of posts, giving them fewer opportunities to score feedback that helps their EdgeRank.

The study by EdgeRank Checker and another by Momentus Media show reductions in post engagement rates by as much as 70% for Pages using third-party publishing tools that have posts consolidated across Pages. This engagement reduction cannot be entirely attributed to consolidation, as differences in the content of scheduled or syndicated posts, Page size, and the types of companies that pay for third-party tools all impact engagement as well. Still, post consolidation does negatively impact impression rates, and therefore publishing apps that cause posts to be consolidated should not be used by brands.

To insulate some of the world’s biggest brands who are also heavy advertisers on Facebook, as well as some of the biggest third-party Page management companies from its Preferred Developer Consultant program, Facebook quietly offered admission to a post consolidation whitelist to a few Page management developers. Tools whose App IDs are whitelisted do not have their posts consolidated across Pages (though, in some cases, a single client’s Page may have its own posts consolidated together if it posts multiple times in rapid succession).

Brands using tools on the whitelist have an advantage over their competitors, as they can attain more news feed exposure for their posts. Page management companies can use the higher engagement rates afforded them by the whitelist to attract clients. Page management companies left off this whitelist may feel the double standard is unfair, especially if brands using Twitter, HootSuite, TweetDeck, or NetworkedBlogs ditch them for whitelisted tools.

Executives of Page management companies tell us they don’t believe Facebook was intending to penalize any publishing tool developers with the consolidation system, and rather it was a holdover from a spam prevention effort that Facebook has since handled by limiting how much game content appears in the news feed.

[Update: Facebook has responded to our inquiry about the existence of the whitelist saying "We're focused on ensuring that users see the highest quality stories in News Feed. As part of this, related stories are typically aggregated so users can see a consolidated view of stories from one app. In some cases, we work closely with trusted partners, such as Preferred Developer Consultants, to test new ways of surfacing stories, and gather feedback to improve the Platform experience."

Though Facebook calls this a "test", the exemption of certain tools from post consolidation has been going on for many months. The whitelist could therefore be interpreted as favoritism rather than just an attempt to gather data to improve the user experience.]

Exempting trusted publishers from post consolidation may have intended as a temporary solution until a more sophisticated way to keep individual publishers from overrunning the news feed could be developed. But in the meantime, the whitelist has created an uneven playing field where certain publishers and the brands that use them receive much less visibility in the news feed than others.

If Facebook wants to keep the long-tail of third-party developers happy and working on its Platform, it will need to provide more transparency around how the post consolidation system currently works. It will also need to quickly fix it so no publishing tools and their brand clients are penalized for legitimate promotion in an effort to control game spam.

[Thanks to Momentus Media for data that informed this post]

UK Won’t Ban Facebook – Facebook, Twitter and Research In Motion met with United Kingdom officials Thursday regarding the social networks’ role in summer riots there. The government ended up not moving to restrict access to the social networks in emergencies such as riots.

Facebook Takes Third Spot for Video – Facebook becomes the third largest video site on the Internet, comScore reported. That is 51.5 million people who watched videos on the platform in July.

AT&T to Discontinue Facebook Phone – AT&T is reportedly set to drop its “Facebook phone” called the Status, according to TechCrunch.

Places More Popular Than Foursquare – London developer Golden Gekko reports its clients report much more Facebook check-ins than Foursquare in Europe. Magnus Jern reported that the ratio ranged from 5-10 to 1. However, the future of the service is unclear.

Facebook Hit 1 Trillion Pageviews - Facebook surpassed 1 trillion pageviews according to Google’s Ad Planner tool, although comScore says otherwise.

Facebook Mobile App to Offer Photo Filters - Facebook looks to be competing with Instagram’s classy mobile app by offering almost a dozen photo filters to its mobile own application — following Facebook’s attempt to buy the startup, according to The New York Times. News of the feature first leaked out in June.

Recapping Facebook’s Bug Bounty – Neal Poole did a basic rundown of Facebook’s Security Bug Bounty program, which included information about multi-line JavaScript URI, redirects preserving fragment portions of URLs, XSS filters and more.

Facebook Wraps Up Farm Bureau Dispute – Facebook and the Farm Bureau had a dispute over Facebook trademarking “FB,” but it seems like the lawsuit is set to be wrapped up.

Milyoni Chart for Credits – Milyoni created a nice chart and whitepaper that includes ways that Facebook Credits can, and cannot, be used.

Facebook to Open Second Campus - Facebook is set to open up an additional campus from its current Menlo Park, Calif. headquarters. The second campus pwill be southwest of the current location, to be constructed in 2013 to accommodate about 2,800 employees.

Ticketmaster Allows Users to Find Friends – Line Nation’s Ticketmaster service launched an app that allows users to see where their friends are sitting on seat maps and tag themselves.

BBC Does Facebook On-Demand Video – BBC has developed an on-demand Facebook application allowing users to rent episodes from the show “Top Gear” for 48 hours.

ShopIgniter, Involver Partner – The two companies are entered into a partnership to help online retail businesses with a management content system.

Facebook today announced changes to its Ad Guidelines that permit advertising for several verticals that were previously prohibited. Offline gambling can be promoted, as can online gambling if ads are targeted outside of the US and have Facebook’s explicit consent.

Lottery commissions and legal dietary supplements may also be promoted with some restrictions. Ads for online pharmacies are prohibited unless they are certified and approved by Facebook

The changes will give a wider range of industries the opportunity to attain customers through Facebook highly targetable ads, and could generate more advertising revenue for the social network.

Facebook recently eased some of its promotion guidelines, removing prohibitions of contests, sweepstakes and other promotions of gambling and some other verticals. However, the continued prohibition of these industries in the Ad guidelines and Platform Policies restricted exactly what these promotions could include.

Now, Facebook has also eased its Ad Guidelines for some of these verticals, which could create significant new advertising opportunities for some industries. Below we’ll list the changed Ad Guidelines, and follow up with analysis exactly what has changed and how this impacts advertisers:

Gambling

III. Ad Content

       E. Gambling and Lotteries

Ads that promote or facilitate online gambling, games of skill or lotteries, including online casino, sports books, bingo, or poker, are only allowed in specific countries with prior authorization from Facebook.

Lottery commissions licensed or sponsored by government entities may advertise on Facebook; provided that ads must be targeted in accordance with applicable law in the jurisdiction in which the ads will be served and may only target users in the jurisdiction in which the lottery is available.

Ads that promote offline gambling establishments, such as offline casinos, in accordance with applicable laws and regulations, are generally permitted, provided that ads must be appropriately targeted.

The most significant of the changes is the permission of ads for offline gambling without the need for consent from Facebook, as long as ads are targeted to users over the legal age of 18 within countries where gambling is permitted.

Gambling ads may only be purchased through a direct sales partnership with Facebook, which requires a monthly minimum spend of $30,000, and may not be purchased through the self-serve ads tool or  the Facebook Ads API.

Facebook previously permitted ads for online gambling with permission, but it has now clarified that these ads must be targeted outside the US in addition to having the site’s consent. These changes will allow casinos and other offline gaming establishments to target nearby Facebook users with ads in hopes of enticing them to visit in person, and may boost confidence in understanding of the policy for online gambling advertisers.

Unofficial lotteries are regulated by guidelines for online gambling, but government authorized or sponsored lottery commissions are governed by separate guidelines. As long as they comply with local laws, and only target those of age in their jurisdiction, they may advertise without explicit consent from Facebook. The ability for state lottery commissions to geo-target their Facebook ads by state could help them efficiently increase sales.

Online Pharmacies Dietary Supplements

III. Ad Content

       F. Pharmaceuticals and Supplements

Ads must not promote the sale of prescription pharmaceuticals. Ads for online pharmacies are prohibited except that ads for certified pharmacies may be permitted with prior approval from Facebook.

Ads that promote dietary and herbal supplements are generally permitted, provided they do not promote products containing anabolic steroids, chitosan, comfrey, dehydroepiandrosterne, ephedra, human growth hormones, melatonin, and any additional products deemed unsafe or questionable by Facebook in its sole discretion.

Online pharmacies were not expressly prohibited before, but the guidelines now state they must be certified and have pre-approval from Facebook to run ads. This may close an advertising channel for some businesses.

Previously, Facebook prohibited ads for all “uncertified pharmaceutical products”. Now those that are legal, available without a perscription, and that don’t contain any of the above ingredients may be advertised. Facebook does reserve the right to deem products unsafe and pull their ads, though.

Businesses selling legal dietary supplements, as popularized by the book “The Four-Hour Work Week”, may now serve ads to Facebook users. By targeting Precise Interests such as “weight lifting” or using Facebook’s new Topic targeting system to reach those who’ve Liked Pages related to #weight training, these businesses may be able fo find a wealth of new customers.

Amongst a flurry of announcements about changes to games on its platform, Facebook recently updated the Developers Blog regarding the addition of a new Insights analytics tab for Facebook Credits. The latest Platform Update also included announcements about how app-to-user request notifications will now show the notification’s message; new capabilities for the Graph API, activity and recommendation plugins, and the Graph API Explorer; as well as clarifications of two Facebook Platform Policies.

Developers of Facebook apps that use Facebook Credits will now or soon see a Credits tab in their Insights dashboard. Credits Insights graphs the information developers receive in their daily Credits reports, name spend, chargebacks, and refunds. Developers can select date ranges for these graphs, compare time periods, and export data in XLS or CSV format.

Credits Insights, accessible to those with the Administrator role on a given app, will help developers determine how effectively their apps and games are monetizing. The Insights graphs are more efficient for determining the impact of design changes or market forces on monetization than the more momentary Credits reports. With time, Facebook may add more data to Credits Insights that could help developers better understand who is spending within their apps, and what is convincing them to make purchases.

–

Facebook quietly changed some important Platform Policies recently, banning promotion of apps on some types of competing social platforms and restricting how developers can reward their users. In the Platform Update, it announced two smaller deletions from its policy document:

FPP IV.4: You must provide users with an easily identifiable “skip” option whenever you present users with an option to use a Facebook social channel.

Apps no longer have to include a skip option because apps must always obtain user consent before posting on their behalf.

FPP IV.5: You must not provide users with the option to publish more than one Stream story at a time.

This deletion permits apps to let users publish to the walls of multiple friends simultaneously. Group communication, group buying, multi-player gaming, and other types of apps will now be able to let users choose multiple recipients for a wall post rather than put users through several redundant share steps.

The policy was likely put in place initially to reduce the potential for wall post spam. However, Facebook has been refining its app quality ranking system such that apps that publish posts that are frequently hidden or marked as spam will receive fewer impressions of their news feed content and risk suspension. Facebook apparently sees these repercussions as adequate to discourage spam.

App to user Request notifications that appear in the Apps and Games Dashboards now include the message originally included with the Request, making them a more effective method for developers to communicate with their users and ping them with calls to action. Before, these notifications didn’t include the message. The change could increase the conversion rate on app-to-user Requests. The counters for pending Requests will also appear in the new Games Ticker.

Developers using Facebook’s Activity or Recommendations plugins now have the option to prevent old or outdated content from appearing in the plugins. The  max_age field lets developers set the number of days within which a URL must have been created to be eligible for display within the plugin.

For example, ’0′ would make all stories show up regardless of URL creation date similar to how the plugin worked before, whereas ’14′ would require the URL to have been created in the last two weeks. The option will make the plugins more useful to developers of sites focused on breaking news or other real-time content.

The Graph API Explorer now permits developers to quickly generate access tokens for one of the apps they admin. This will make it easier to test APIs that require users to grant permissions to an app.

–

Rather than using the legacy REST API, developers can now determine if a user Likes a Page using the Graph API call:

https://graph.facebook.com/me/likes/PAGE_ID
&access_token=ACCESS_TOKEN

This could help apps determine if a user is eligible to see fan-only content protected by a Like-gate.