Facebook faces German privacy probe
Non-member data under scrutiny
Germany is suing Facebook for obtaining and saving data from people who do not use the social networking site.
Facebook faces an investigation for violations of Germany's strict privacy laws, which are among the toughest in the world. Johannes Caspar, head of Hamburg's Data Protection Authority, told the BBC: "We consider the saving of data from third parties, in this context, to be against data privacy laws."
The action follows complaints from members of the public who were not themselves members of the social network, but whose details were added to the site by friends. It is alleged that this information was saved by Facebook and used for marketing purposes. Though dominant elsewhere in the world, Facebook is only the fourth largest social networking site in Germany.
Facebook is no stranger to privacy probes. Complaints by privacy watchdogs in Canada earlier this year prompted changes to the site's policies. As well as privacy officials in Germany, Swiss authorities are also reportedly concerned about Facebook's use of third party data. ®
That's not the point.
Whether they 'spam' you or send invites on their member's behalf, Facebook's ToS says that they have the right to do whatever they want with this information. (More or less.)
Tying this information to sites the embed Facebook links and java scripts means that they have a way of capturing and correlating data about you, even if you are not a Facebook member.
Hence the rub.
> Can't really see how it's any different from me storing my address book in gmail
Gmail's address book management is not an analogous situation. If I entrust someone with a personal email address it is with an expectation it gets used by them for personal mail; their storing it in an address book isn't a problem. Facebook has a non-member referrals programme based on an opt-out business mailing list and -credit where it's due- they're better than others about pointing that out ... but, as with work mail/phone etc, it doesn't sink in with some people that there's a distinction to be made concerning the supply of email addresses to it (and, as concerns me in recent news, risk of database leaks from it).
At present, I don't use multiple email profiles to help distinguish between what content comes from whom and neither do I need complicated filtering rules to handle what does come but (having accidentally lost some important recent emails when my service provider reset the baseline set of spam filter rules in favour of the trash they spew out) I'm getting ever more aware that it might be wise. It would help if people appreciated the desire of (some) others to differentiate, but for some reason they can't or won't :(
Re: email addresses, or what?
JK> Are we talking email addresses, or what?
From related article at http://skunkpost.com/news.sp?newsId=2760:
> "It is a system that is designed around making it possible for Facebook to expand, for its own benefit," Caspar said in a telephone interview.
> He said his office had received complaints from "many" people who had been contacted by Facebook after it obtained their names and e-mail addresses through people listing them as a contact.
// I expressed concern about their policy regarding non-member data a couple of years back (http://forums.theregister.co.uk/post/347474, blog articles, ...), and found that the relevant detail in both the actual "your friend invites you" mails and the related sections of the web links therein was considerably less clear than what members are told that advice is (found via tosback.org when the article about them appeared, rather than from the people giving my email address out in evident ignorance of Facebook keeping a record I don't want made). I didn't think it was particularly clear they're a trust-e member either, but at least (maybe) these things are documented on-site somewhere even if the end-user education is abysmal. Disappointingly, little seems to have improved in the intervening year-or-so :(