• by Wendy Davis , Staff Writer @wendyndavis, June 1, 2010

It could be a very long summer for Facebook as the company continues to deal with privacy fallout. Even though the social networking site recently made some concessions on the privacy front, the company's problems are nowhere near over. Facebook's recent round of rollbacks give users more control over how their information is shared, but didn't completely resolve the most contentious issue of all -- the company's decision to deploy instant personalization on an opt-out basis.

It's not just privacy advocates or tech bloggers who think so. Late last week, Rep. John Conyers, chairman of the House Judiciary Committee, sent a letter to Facebook CEO Mark Zuckerberg asking for information about new programs. While he didn't mention instant personalization by name, facebook's decision to share users' names and other information with Microsoft Docs, Yelp and Pandora was obviously on Conyers' mind. "We would appreciate a detailed explanation of the information about Facebook users that your company has provided to third parties without the knowledge of the account holders -- particularly in circumstances in which the users did not expressly opt for this type of information sharing," Conyers wrote.

Facebook spokesperson Andrew Noyes issued the following statement in response to news of the inquiry: "We appreciate Chairman Conyers' interest in our personalization products and look forward to meeting with his staff to explain our industry-leading privacy practices and the powerful privacy tools we began rolling out last week."

Among other changes, Facebook made it easier for users to eschew instant personalization. But, while that's certainly a start, it's nowhere near as good as requiring users to opt in to the program.

Opt-out consent is often seen as adequate online. But if there's any one situation where companies should get opt-in consent, instant personalization is it. Automatically logging people in -- by name -- to unaffiliated sites simply isn't the type of thing that people are accustomed to online. On the contrary, many sites have said for more than 10 years now that they don't share users' personal information without their consent. And because publishers haven't typically shared users' names in the past, many people -- especially those who don't scour the tech press -- would never imagine that Facebook is doing so by default.

Zuckerberg said last week that he didn't anticipate the company would make other major privacy-related changes for a while. But he might have no choice on this issue.