Trade-Off: Privacy and Facebook Application

Ivy Tsui is a JD candidate at Osgoode Hall Law School.

Facebook is moving forward with its plan to allow third-party developers and external websites to access users’ home addresses and phone numbers despite widespread criticism.

Privacy advocates reacted intensely around the blogosphere. U.S. Representatives Edward Markey and Joe Barton sent Facebook a letter questioning the company’s plan and raising concerns for people who may opt to share their contact information with third-party developers without carefully understanding the ramifications.

Public objections did not persuade Facebook to abandon its plan. In a statement to The Huffington Post, Facebook claimed that the plan would make online shopping speedier:

“Despite some rumors, there’s no way for other websites to access a user’s address or phone number from Facebook. For people that may find this option useful in the future, we’re considering ways to let them share this information (for example to use an online shopping site without always having to re-type their address). People will always be in control of what Facebook information they share with apps and websites.”

In the response letter to the U.S. Congressmen, Facebook emphasized that it will take positive steps to highlight the sharing process so that users must express consent as to what they share. However, I am unsatisfied with this framework because users are prone to clicking “Allow” just so that Facebook will allow access to the application, which could be a game or a quiz. In addition, the implementation of this platform could potentially “coerce” users into sharing contact information with advertisers just because they want to use the applications.

Facebook also noted that it is “actively considering” whether to allow third-party applications to request contact information from users under 18 years old. In addition, Facebook claims that this is not a concern for minors under 13 because Facebook prohibits them from joining. However, in my view, these explanations are inadequate. It is unclear how technical measures could be effectively implemented to prohibit usage of the service. Just as one could easily report another name on the account, it is easy for users to falsely report their age on Facebook. Furthermore, it does not explain how Facebook would protect the elderly, who could have a different understanding of identity theft and online fraud.

Facebook has been pushing to make the world a more open place by helping people connect and share, by creating networks of friends and activities, and allowing user profiles to be searched by the public on Google, Yahoo and MSN Search. I question whether the motivation behind this controversial plan is the money that third-party developers will be giving to Facebook. Perhaps Facebook is encouraging third-party developers to create software for Facebook. It seems to me that Facebook, by trading in users’ contact information for economic gain, is working to become the most trafficked site and ultimately, a money-making marketing channel for business.

In 2009, Canada’s Privacy Commissioner was critical of Facebook, claiming that it had breached the Personal Information Protection and Electronic Documents Act (PIPEDA) by allowing third-party developers to access users’ contact information, keeping users’ information from deactivated accounts, and permitting users to “tag” photos of non-users without their consent. After Facebook implemented some platform changes to address these issues, the Privacy Commissioner concluded that the new platform is adequate to inform users regarding what information they are sharing. It would be interesting to hear comments from the Privacy Commissioner on Facebook’s decision to “sell” users’ information.

  1. I’m of two minds about this. Even though to my mind, making my online shopping experience slightly more convenient seems like a terrible tradeoff for giving my name and phone number to advertisers, part of me thinks I shouldn’t be making that decision for other people. If they WANT to consent to having their personal info handed over to advertisers, they should be allowed to make that choice.

    But I take your point that users will just click through to get access to the application, without reading the notices or considering the consequences of clicking “Accept”. I find I need to remind myself that not all members of the public are as (some would say overly) concerned about privacy issues as myself (or probably most people reading this post).

  2. I should think privacy ought to be the utmost concern for Facebook users. The mere (and proposed) convenience of having one’s address and phone number pre-entered on a shopping website is nowhere near a good bargain for the increased exposure to identity theft by allowing developers and external websites access to said address and phone number. There should be no trade-off between privacy protection and access to an app like “What is My Celebrity Look-alike” on Facebook.

    The truth remains that a majority of Facebook users are teenagers and young adults who tend not to appreciate the importance of privacy protection. They sometimes would explicitly consent to Facebook’s disclosure of personal information to third parties in order to gain access to certain apps.

    The problem is further exacerbated, in my view, in the following scenario: individual A inevitably allows an app to access his/her “Friends List”, and as a result this app gets to spam his/her friends’ news feed or wall advertising itself, which leads to more people clicking on the app and allowing access. In this sense, Facebook and its app developers play off the users’ psychological desire to “fit in” with their peer groups: after all, if 10 of your friends have “allowed” the app to access their personal information, it must be alright for you to do the same, right?

    What people need to keep in mind is that most, if not all, of the apps (“Farmville”, anyone?) on Facebook have no reasonable grounds to request personal information like one’s physical address or phone number. Better yet, do not even put information of such a personal nature on Facebook to begin with! One should have a healthy amount of doubt about Facebook’s ability to protect these data for millions of users from malicious attacks by identity thieves.

    On a side note, Facebook has rolled out their new HTTPS feature – though users have to go into “Account Security” to enable this option.
