flickr photo by o5com

Well over this past weekend there was another privacy ruckus that filtered across tech websites and it once again involved Facebook and their plans to give developers some level of access to personal information such as your address and phone number on your Facebook profile.

It came to light Friday night, 14 Jan 2011, in a developer blog entry by Jeff Bowen:

User Address and Mobile Phone Number

We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.

Now these permissions would be granted via an opt-in process just like any other app gets them through a permission dialog like this:


(Screenshot courtesy of Facebook Developer Blog)

After this news trickled out across the web over the weekend it got everyone questioning Facebook’s willingness to just share our personal data as they choose.  Now to their credit they do warn those developers that in order to gather this information they must follow Facebook’s Platform Policies which do not allow them to use the information to spam users or misuse the information.

ARS Technica points out in a post yesterday, New privacy concerns for Facebook over phone numbers/addresses, that not every app developer follows the rules either.  In fact, they refer to an incident from last year as an example:

Just because app developers agree to follow Facebook’s terms doesn’t mean that they actually do, and many aren’t caught until it’s too late. We learned that much just a few months ago when a number of top Facebook apps were found to be collecting and selling user data against Facebook’s rules. Facebook ended up suspending those developers for six months, but by that time, the deed was already done.

As of today Facebook has taken a few steps backward in regards to this change.  On the same developer blog that announced this new addition to the API they have announced that there will be a second look on how this information will be shared, how you will authorize it and when you will let apps see it.

In the post Improvements to Permissions for Address and Mobile Number by Douglas Purdy he writes:

Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.

Of course that useful feedback they describe from over the weekend was the collective protest of the Internet to another episode of Facebook deciding to provide 3rd party developers access to our private information once again.  Another aspect of the issue is they did not make much of an attempt to communicate or socialize this change to Facebook users – they just told developers what new personal information they were getting access to. 

To me their step back from the change they announced as a done deal on Friday is the right move but why did it even have to happen?

Facebook, along with other companies, who ask us for our personal and private information really need to start thinking these types of things through before they just jump on a developer blog and announce a new feature or access to user information.

You would think with the collective groans that occur online when there is yet another data breach or loss of personal information that these companies would really think hard about changes like this.

Maybe a solution is a new type of employee or consultant.  We have Social Media Experts at companies these days why not have Privacy Advocates who are independent third parties.  Their job would be to take a look at any idea, change, system that handles private information and apply a critical eye when it comes to handling personal data from its users.

I have no doubt that such a person could have saved Facebook a few steps backwards that they had to take today.

What do you think?