Facebook Faces Renewed Privacy Challenges
The Wall Street Journal reports that a Facebook user ID may be inadvertently shared by a Facebook application and may then be further transferred to other third parties. While this sharing is similar to the sharing issues Facebook experienced last spring, incidents such as these are only likely to increase calls for accountability and privacy by design principles in privacy enforcement.
WSJ reports that the top ten most popular apps on Facebook were found to be transmitting users’ IDs to third parties. WSJ reports that the apps were sending data to 25 other firms, some of which build profiles on users. WSJ further found that at least one firm that received this information combined it with its own database and then sold it to other third parties. Facebook Developer Principles and Policies requires that user data not be used “for any purpose off of Facebook, without user consent.” This sharing by apps with third parties likely violates this provision of the Facebook policy. Thus, WSJ contends that some of these apps may have violated the Developer Principles and Policies as well as the developers’ own privacy policies.
Facebook responded by shutting down some of those apps since the WSJ story ran. Facebook also responded with this developer blog post stating that the sharing of user IDs was inadvertent and that the press “exaggerated the implications of sharing.” Instead, the post focused on how the sharing of the user ID did not allow the sharing of “private user information.”