Facebook filed a 22-page letter with the Federal Trade Commission outlining its thoughts and recommendations for the commission’s proposed changes to the Children’s Online Privacy Protection Act (COPPA).

The social network lauded the FTC’s commitment to protecting children’s online experiences and privacy, but expressed concern about some language in the proposed change, which could hold Facebook liable in cases where third-parties use its social plugins and create additional burdens for Facebook, developers, publishers and parents. In particular, Facebook urged the commission to explicitly allow first-party advertising as an acceptable use of a child’s “persistent identifier,” such as an IP address or cookie ID.

The FTC is proposing that COPPA be expanded to apply to apps, games and online ad networks, in addition to the child-directed websites it currently covers. Some language in the proposal would deem website publishers and developers that use plugins like Facebook Login or the Like Button as “co-operators” with Facebook. Facebook Chief Privacy Officer Erin Egan, who wrote the letter to the FTC, suggests that the language in the proposal “fundamentally misunderstands the relationship between plugin providers and website publishers.” The social network, for example, makes plugins available but doesn’t choose which websites use them, which plugins they use or how they use them. Neither does Facebook share data with the third-parties that use its plugins. As such, the company wants to ensure that it would not be held liable under COPPA for offenses by web publishers or app developers that integrate with its platform.

The FTC proposal makes some exceptions for collecting and using children’s information as needed for “support for internal operations.” Facebook requests that the FTC clarify its definition of “support for internal operations” to include data captured by plugins and to explicitly include activities that do not impact children’s privacy, such as first-party advertising. The letter cites the commission’s previous reports that distinguish first-party advertising from third-party advertising because it does not raise the same privacy concerns and is generally an expected part of free websites and online services.

Egan further recommends that COPPA not include language that requires operators of child-directed sites to “treat all users as children” and obtain parental consent even if they otherwise have knowledge that a user is 13 years or older. For example, if a user has signed up for Facebook, the user has verified that they are over 13 by providing a birthdate. Egan says this should apply to third-party sites that integrate plugins without requiring additional consent or age verification. “It would be nonsensical to require an operator to obtain verifiable parental consent before collecting information from a parent,” Egan writes.

As we’ve previously written about, Facebook could ultimately serve as a means for age verification all around the web. In its letter, the company suggests that the commission could add explicit clarification that publishers can use a common mechanism to obtain verifiable parental consent, as Microsoft, Disney and a number of organizations have suggested in their comments to the FTC. Doing this, Egan writes, would minimize the burden on parents by reducing the number of times they have to give consent and eliminate the need for multiple detailed privacy notices. Instead, parents could give consent and get notice up front. They would then then get a more specific notice when a child wants to play a game or use a new app. If a platform provides this ability, Facebook argues, it should not assume liability or turn the platform into a “co-operator” with third-party apps or websites that implement it.

The Wall Street Journal reported in June that Facebook was taking steps toward allowing children under 13 to be allowed on the site, including creating mechanisms that would connect children’s accounts to those of their parents. Facebook has not publicly shared whether it is planning to lower its age limit or how it would do so.

Facebook today launches the “Shared Activity” plugin for third-party websites to give users more control over the Open Graph actions they’re sharing back on the social network.

The plugin brings the functions of the Timeline activity log to any web app so users can better control what they share and with whom. This new feature might also help create a more universal experience across sites that use Open Graph, which could reduce some users’ concern about these apps. Without this plugin, some apps may have put controls in a different locations, like in a settings window or on the side.

Now, rather than developers designing and creating their own privacy controls, they can implement the Shared Activity plugin with a few lines of code.By creating a more standardized experience, it makes things more familiar for users so they know exactly what to do.

Facebook provided the example of the plugin on sites such as Airbnb. People can set the default Facebook audience for activity shared from an app or manage the settings for stories previously published to Facebook, including selecting a different audience or removing the story altogether.

For more technical documentation, refer to the Facebook developer entry.

Facebook has finally resolved an issue that prevented users’ photos from being completely deleted, according to Ars Technica, which first raised privacy concerns about the matter three years ago.

Previously when users deleted their photos, the images were removed from the site but still accessible with a direct link. This was because Facebook’s early photo storage systems did not always delete cached images from the site’s content delivery networks. In some cases the photos were available months or years after users thought they deleted them.

Now Facebook has moved its photo storage to newer systems and instituted a 30-day maximum age for CDN links. A Facebook spokesperson told Ars Technica that some content will expire on the CDN much more quickly, though he couldn’t say what factors affect this process.

Ars Technica found that after adding new photos and deleting them, the direct links expired within two days. That’s an improvement over months or years, but still slow compared to Instagram or Twitter, which remove images from their servers instantly.

Facebook recently added an activity log feature to some mobile devices, allowing users to see all their recent activity, verify their privacy settings and delete individual stories.

Activity log was a key new feature that came with the introduction of Timeline, but was not translated to mobile until recently. Facebook did not tell us when it made the change or how widely it is available, but we expect it to eventually be available for all users because it is an important tool for users to manage their activity while they are away from a computer. With more mobile apps integrating Open Graph and publishing stories to News Feed and Timeline, it is increasingly necessary for users to be able to control what gets posted on their behalf. So far we’ve seen the activity log in Facebook’s mobile site and iOS app, but we did not have the option in the Android app, however, some users get access to features at different times.

The activity log is accessible from a user’s mobile Timeline. Beneath the cover photo is a row of tabs, including “About,” “Photos” and “Friends.” Swiping to the left across these tabs reveals more tabs, including one labeled “Activity Log.” The feature is also presented when users visit “Timeline Review” after a friend tags them in a photo or checks them into a location.

From the mobile activity log, users can see the privacy setting associated with each action they took on the social network or with a Facebook-connected app. On desktop, users can change their privacy settings from activity log, but this does not seem to be the case with the mobile version. Instead, Facebook simply gives users the option to delete a story completely by clicking the circle next to the story. This seems to be a way to balance offering necessary control while maintaining a more lightweight experience on mobile devices.

Facebook groups will now show users which members have seen each post, the social network announced today.

Below each post within a group will be a check mark followed by the number of people who have seen the post. Hovering over or clicking on that note will present a list of group members who saw the post and when. After all users in the group have seen the post, the post will say “seen by everyone.” The feature is available on desktop and mobile versions of groups. Although it hasn’t gone live for us yet, Facebook says this will begin rolling out today.

This is similar to what Facebook now does in its mobile Messenger app to let users know their message has been received, but when applied to larger groups, some users might be uncomfortable with this because they feel it reveals too much about their activity on the site. Overall, the feature is useful for groups of people who are collaborating on a project, scheduling plans or sharing other important updates. Facebook provides the example of a soccer team using groups and the new “seen” feature to make sure everyone knows about what time practice starts.

TechCrunch’s Josh Constine says Facebook wouldn’t discuss whether it was considering adding the feature to posts users make outside of groups. He notes that implementing this in News Feed or Timeline might be going too far and make people feel self-conscious about what they browse on the social network. For now it seems Facebook will limit this to groups and private messages. Perhaps in the future, group admins could have control over whether posts display information about who has seen them.

Facebook didn’t provide details about what it means for a post to be “seen,” and whether it involves a user visiting the group page or having the story load in News Feed. The Help Center tells users to ”keep in mind that if people see a group post or message, it doesn’t always mean they had the chance to read it carefully.”

Facebook appears to have hidden users’ third-party email addresses from Timeline, but left users’ Facebook.com addresses visible. It has also added a confusing new setting to the email portion of a user’s contact info.

Although users can choose which of their email addresses are displayed on Timeline and change the privacy setting for each address, it is odd Facebook has hidden addresses that users had previously indicated they wanted to share with friends or the public. This seems like a deliberate move to promote its own messaging service over others, but instead of changing users’ privacy settings to do it, the social network simply added a second setting.

In addition to being able to manage the privacy setting of each email address they have connected to their accounts, users now have another setting to control whether to “show” or “hide” that account on Timeline. This makes it difficult for users to understand which addresses they are sharing. As seen in the example below, the privacy setting for the Yahoo account is “friends,” as it has been for years. The Facebook.com address is set to “only me,” as indicated by the lock icon. But when Facebook added the second setting to the right, it defaulted all non-Facebook.com accounts to “hidden from Timeline” and left Facebook.com accounts as “shown on Timeline.” The social network does honor the “only me” setting so the Facebook.com address is not visible to anyone it wasn’t intended for, but it makes the user experience quite unclear.

In April, Facebook made a vague announcement about “updating addresses on Facebook to make them consistent across our site.” It did not say that it would hide users’ non-Facebook.com addresses. It simply said, “Now, the address people use to get to your Timeline and send you email on Facebook will be the same.” However, users’ Facebook email addresses had always used the same address as their personalized URLs, so this did not seem to be news at the time.

Now Facebook is referencing this press release to suggest that it did, in fact, let users know that it would be making a change to how email addresses appear on Timeline. It provided us and other news outlets with the following statement:

“As we announced back in April, we’ve been updating addresses on Facebook to make them consistent across our site. In addition to everyone receiving an address, we’re also rolling out a new setting that gives people the choice to decide which addresses they want to show on their Timelines. Ever since the launch of Timeline, people have had the ability to control what posts they want to show or hide on their own Timelines, and today we’re extending that to other information they post, starting with the Facebook address.”

However, the ability to decide which email address to show or hide on a user’s profile predates Timeline. Users have been able to do this since as early as 2010. What’s new is the confusing second setting we discussed above. Further, we’ve heard from users that this setting has been live for them since last Monday, if not earlier.

Facebook is most often criticized for revealing too much of user’s information, not for hiding it. But when it comes to email, things get complicated for the social network. In 2010, Facebook and Google were involved in a public dispute over the issue of how email contacts should be used. Facebook would not allow users to export their friends’ email addresses, but it helped Gmail users manually download their Gmail contacts and then re-upload them to the social network. Facebook also allowed users to import their friends’ e-mail addresses when they were using Microsoft or Yahoo services.

We wonder whether Facebook’s latest change to hide email addresses is more than just a way to promote its own messaging feature over third-party email services, and if it could be related to preventing contact importing and exporting. A Facebook spokesperson could not comment on this issue.

Facebook adopted a new Data Use Policy and Statement of Rights and Responsibilities on Friday after a user vote failed to generate enough response to be considered binding, according to a note on the Facebook Site Governance page.

In its second-ever user vote, users had the option to vote for Facebook’s existing policies or new proposed policies through a relatively simple app. Although 297,883 people voted for Facebook to keep its existing policies, overall not enough users participated for the results to become a mandate. According to Facebook’s governing documents, results are only “advisory” when fewer than 30 percent of all monthly active users vote.

In this case, many of the votes for the existing policy were the result of an activist campaign that actually calls for sweeping changes not offered by either policy. The vote itself was triggered by the campaign, in which user Max Schrems encouraged thousands of users to comment “I oppose the changes and want a vote about the demands on www.our-policy.org.” Facebook always gives users the option to review proposed policy changes, but if more than 7,000 users comment on those changes, the policy is put up to a vote.

“We did reach the threshold because a viral meme was created, and unfortunately the result is a vote,” Facebook Chief Privacy Officer for Policy Erin Egan told TechCrunch earlier this month.

The newly implemented policies do not include any major changes to how the social network collects or uses user data. The changes are mostly updated wording — for example, using “Timeline” instead of “profile” — and added clarification about existing policy. Clearer examples and user tips have been added to the Data Use Policy per recommendations from the Irish Data Protection Commissioner’s Office, which audited the social network’s data collection practices last year.

“We strongly believe these updates provide you with more detail and transparency about our data protections and practices,” Facebook wrote in the note announcing the decision to adopt the proposed policies. ”We received a great deal of positive feedback about these changes from our regulators and the many other stakeholders – including privacy and consumer groups – we consulted about these revisions.”

Facebook says it will review its site governance process following the low participation. A total of only 342,632 users voted. That’s about 0.38 percent of active users, and only 15 percent of people who Like the Facebook Site Governance page, which posted several times about the vote. Facebook also ran mobile and desktop ads to encourage participation. As far as we know, the company did not send emails or prompt users with messages above their News Feeds, which might have resulted in more feedback.

The new Statement of Rights and Responsibilities, also known as a terms of service agreement, is available here. Facebook’s Data Use Policy, formerly known as its privacy policy, is here.

Facebook has made proposed revisions to its Data Use Policy and Statement of Rights and Responsibilities open to a user vote between now and June 8.

The vote is the second of its kind since Facebook decided in 2009 to give users the option to review proposed policy changes and then offer a vote if more than 7,000 users comment on those changes. User Max Schrems, who leads the activist group Europe Vs. Facebook, encouraged users to comment “I oppose the changes and want a vote about the demands on www.our-policy.org.” More than 10,000 users did so on the English-language version, and there are thousands more on other pages.

Facebook’s Chief Privacy Officer for Policy Erin Egan told TechCrunch that the company will consider changing its voting threshold to promote quality over quantity, and prevent spam-like comments from triggering votes in the future.

“[Schrems] is interested in us changing our product, but these revisions are about our policy. We can’t please everyone,” Egan told TechCrunch.

The proposed revisions do not include any major changes to how the social network collects or uses user data. The changes are mostly updated wording — for example, using “Timeline” instead of “profile” — and added clarification about existing policy. Clearer examples and user tips have been added to the Data Use Policy per recommendations from the Irish Data Protection Commissioner’s Office, which audited the social network’s data collection practices last year.

Users can visit the Facebook Site Governance page to review all changes, compare these with the existing policies and read Facebook’s explanation of the changes. Through an application, users can vote for either the new policies or the previous policies. To the dismay of Schrems and Europe Vs. Facebook, there is no option to vote for an alternative policy. His group, for example, calls for all Facebook features to be opt-in rather than opt-out and for Facebook to provide users with full access to all personal data in raw format within 40 days upon request.

Voting will end June 8 at 9 a.m. If 30 percent of active users vote, the results will be considered “binding.” That means if fewer than 270 million of Facebook’s 901 million monthly active users vote, the results will be considered “advisory” but non-binding.

Some Facebook users are seeing a new icon on News Feed items which link to sites that share activity back to a user’s Timeline. The color of the icon indicates whether clicking the link will generate a story alerting users’ friends that they read an article or watched a video.

A small icon appears next to the name of social news readers and social video apps within News Feed. When the icon is grey, sharing is disabled and users can click on a link knowing that others won’t be able to see their activity, for example, if a user has set the app’s default privacy to “Only Me.” When the icon is green, social sharing is enabled. Users can hover over the icon to see to whom their subsequent activity will be visible. These icons appear within the mobile and desktop News Feed, but not on users’ Timelines.

Earlier this month we saw Facebook testing a similar functionality, but this latest iteration is more ambiguous. The new icon is so subtle that most users will not even notice it, and without any additional context, the icon does not seem to immediately represent social sharing. In fact, on mobile devices, there is no way to find out what the icon signifies. If Facebook does end up picking an abstract icon to designate its “frictionless sharing” applications, it will need to educate users what it means and where they should look for it.

For now, the company seems to be testing a number of options in order to find a future balance between making sharing as easy as possible and still letting people have control over their experience. This is increasingly important as websites and apps can now ask for permissions once and then automatically publish stories to Ticker, Timeline and News Feed when users take action like reading an article, listening to a song or watching a video. Since these apps are so new, there is a lot of variation in how developers make users aware of what they are agreeing to share and how they give users the option to opt-out. By experimenting on its own site and giving third-party developers some freedom to try different approaches, Facebook can discover best practices and ultimately define policies. Until then, some users might be hesitant to add any new applications or click on news and video links.

Other users might want to set certain apps to be visible to “Only Me.” This gives users a chance to experience new apps without fear of over-sharing, and the option to chronicle their activity for themselves alone. Users can later widen the scope of who can see their activity once they trust an app. The easiest way to do this is from the activity log. See the last two screenshots below for an example.

Facebook has increased the amount of data it provides to users when they download a copy of their information from the site, according to a post on Facebook Public Policy Europe page.

The “Download Your Information” feature now includes catalogues of friend requests a users make, IP addresses they’ve logged in from and any previous names they’ve used, among other Facebook actions. This is in addition to the copy of photos, posts, messages, chat conversations, friend lists and other information that Facebook first made available for download in 2010.

The changes, which begin rolling out to users today, are part of an agreement with the Data Protection Commissioner  – an Irish agency responsible for the enforcement and monitoring of compliance with data protection legislation. Since Facebook’s international headquarters are located in Dublin, the company is responsible to the Irish commissioner. The commissioner conducted a three-month audit of Facebook following a formal complaint suggesting the social network was creating “shadow profiles” of non-users. The commissioner found the company compliant with Irish and European Union law, but had Facebook agree to gives users even more control over their data and privacy within six months.

When users download their information from Facebook, they get a zip file containing html files of their profile, wall, events, messages, notes and friend lists; jpegs of their photos; mp4s of their videos; and an index file for navigating the content. The data can be used as a keepsake or to replace lost media files, but not to easily switch to a different social network.

The following is a table from the commissioner’s report showing what was previously available in the “Download Your Information” tool and what Facebook promised to add. The company did not list all of the changes it made today, but it says more categories of information will be available in the future. Users can download their information here.