Thursday, June 18, 2009

Facebook, DP and Apps

According to this article in the FT, the Art 29 Working party on Data Protection has produced an unpublished opinion which, if I read it correctly, seems to suggest that the way FB shares data with, and encourages its users to share data with, unknown and unpoliced third party "apps", needs stricter DP regulation.

According to FT,

"regulators say tighter rules are needed to protect personal data given to these third-party developers. In particular, they believe developers should be subject to tough European Union privacy and data protection rules, even when the companies concerned are located far from Europe.

At the same time, they argue that many corporate marketers who have turned to new forms of social media as a way to reach consumers should also be subjected to stiffer regulations."


Which is pretty much what Ian Brown and I suggested only two years ago :) (Incidentally that piece is finally seeing the published light of day shortly in Andrea Matwyshyn's great edited collection, Harbouring Data (Stanford U Press).)

I'm not finding this opinion on the usual Art 29 page: if anyone has it in advance, I would very much like to see it.

Along with various recent reports suggesting that privacy defaults on social networking sites need tighter attention, for everyone not just children, it does seem the privacy and security risks of SNSs are finally getting the serious attention they deserve. (Is it just a coincidence btw that this happens as the Iranian situation shows more clearly than ever the power wielded by social networks these days??)

2 comments:

Anonymous said...

Here it is: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf

Surreptitious Evil said...

I have a huge problem with the legalism, not with Facebook itself, but with Facebook's permissioning for independently developed applications. For context, I also play Mindjolt games online, some of which record and regurgitate my highest scores.

To enable that, Mindjolt themselves asked for a valid email address and a username and password. They clearly didn't 'need' the first, although it is a reasonable request, especially as they are providing a completely free service.

However, to play through Facebook, I need to give permission for Mindjolt to access my contacts, my posts etc, etc. From a technical point of view, this is nonsense. All they actually need is to record a link between my Facebook account (some not-quite-random number not dissimilar to 1334531705 - apologies to Lahcen Bouftane whose number that is as I randomly altered it from that of a friend of mine) and a Mindjolt account (a number similar to 211890381), so that Facebook can pull or Mindjolt can push score updates.

Some applications need to be more invasive, fine - but the permissions (legally as well as technically) should be tailored to the need and the user can then choose whether or not the potential disturbance of privacy is worth the benefit, to them, of using the app.

As it is, I use no Facebook apps.