Last week, many people made posts like this on Facebook:

While this was quickly debunked as being entirely untrue, the fact that millions of people made the very same post speaks volumes about how worried people about their privacy on Facebook.

It’s probably not helping that Facebook just finished soliciting comments on their new Data Use Policy and their Statement of Rights and Responsibilities. Privacy groups in the US – specifically, the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) – have objected to the changes.

The most significant part of the changes would deal with how Facebook is (notionally) governed. In theory, changes to its policies are subject to votes by Facebook users. In practice, the process has been unsuccessful – there have been two previous votes since April 2009 (when it was announced). However, turnout has been low, with less than one percent of Facebook users participating. The changes would remove the voting process entirely.

Other changes include making it explicit that information can be shared with Facebook affiliates like Instagram and changes in how messages are handled (instead of a blanket setting on who can and can’t send messages to a user, filters will be offered instead).

This is all just part of the greater debate surrounding privacy and Facebook. News events like this merely bring it to the forefront of people’s minds. The question really is: how much of our data should be online? How much of our data that is online should be able to be used by the free social media networks that we’re part of?

It is becoming more likely that eventually government regulators are going to step in. Irish regulators – who oversee Facebook for all users outside of the US – have asked the social network to clarify the current set of changes.

Perhaps the most contentious question is the “right to be forgotten” that has been proposed by EU regulators. As the name implies, this proposed right would enable users to request (and force) that their data be removed from a website’s databases. First proposed in January, more recently a paper by the European Network and Information Security Agency (ENISA) outlined the significant technical challenges in implementing the proposed right. The proposed right is something of an extreme solution, but depending on how one feels about how deeply user privacy is being violated by existing sites it may be a necessary solution.

In addition, the “right to be forgotten” can only be realistically applied to parties you originally give information to. It would be difficult to apply this “right” to any sites that merely crawl and index publicly available information, If any information is publicly posted, it will be treated as just that – public, in the hands of the Internet at large.

That said, this is a debate that will go on for much, much longer. What can users do in the meantime?

What they can do is reduce the amount of information they are putting out in social media if privacy is something that concerns them. Think before you post – is this something you really want the Internet at large to know about?

You may also want to tighten your privacy settings. For Facebook, the latest version of Titanium can automatically examine your settings and see where they can be strengthened. A tutorial video can be found here.

Ultimately, though, each user has to decide what their comfort level is – what exactly is their limits as far as privacy and sharing is concerned? It’s worth remembering that Facebook is offering access to one of the Internet’s top sites for free. If you’re getting something for nothing, you’re not the user of the system. You’re the product – and advertisers are users. That’s something to keep in mind as you make that trade-off.