Facebook recently decided to put a hold on its plans to share users’ phone numbers and addresses with third parties, in response to the controversy created by the move. At the time, Facebook said it would disable the new feature while the company made changes that would ensure Facebook users were aware of the potential for data sharing. But, wrote Facebook Director of Developer Relations Douglas Purdy on a company blog post, “we look forward to re-enabling this improved feature in the next few weeks.”
Now lawmakers are demanding to know what exactly the company’s plans are.
The co-chairs of the Congressional Privacy Caucus, Rep. Edward Markey (D-Mass.) and Joe Barton (R-Texas), sent Facebook CEO Mark Zuckerberg a letter asking for more detail about how this sharing will take place, what the opt-out options will be and even why Facebook had decided to go this route to begin with.
Questions for Mark Zuckerberg
A summary of the letter’s demands are posted here, on Congressman Markey’s homepage, spelling out exactly what the lawmakers want to know. This includes questions about what user information would be shared, what Facebook’s process was for developing and vetting the feature and why the company decided to temporarily shelve it, what internal company policies and procedures Facebook has for ensuring new features meet Facebook’s privacy policy requirements, whether the feature represents a change to Facebook’s privacy policy, what the risks are to children and teenagers, and what opt-out options will be available.
The lawmakers also brought up the issue of Facebook User ID sharing that was uncovered last fall after an article in The Wall St. Journal’s series “What They Know” on personal data privacy revealed that Facebook IDs were making their way into the hands of third parties, including advertisers and so-called “data brokers.” Not only can Facebook IDs be used to identify a person by name, the Journal found, some Facebook apps were sharing those IDs with advertising and data firms. One firm, RapLeaf, was discovered to have linked those IDs to its own database of Internet users, which it sells, said The WSJ.
In response, Facebook moved to encrypt those IDs to better protect its users. The company had also sent a response to lawmakers questioning its actions back on October 29, 2010. That letter was brought up again in this latest request. It reads:
Please explain why Facebook, while previously acknowledging in its letter to us that sharing a UID [Facebook ID] could raise user concerns, subsequently considered sharing of a user’s home address and mobile phone number – even more sensitive personal information than a UID – to be information that should be more easily accessible to third parties.
In conclusion, the lawmakers requested that Facebook address all the issues raised in the new letter by Feb. 23, 2011.
Facebook’s Original Plan for Sharing Mobile Phone Numbers and Addresses
The proposed feature would have allowed Facebook application developers the ability to access the mobile phone number and home address stored in a user’s Facebook profile. According to some critics, the application permissions dialog box doesn’t make it clear that the application is requesting such personal information. Instead, in a list of items the app requests, the text“Access my contact information” is bolded and in smaller, grey text beneath that request is a note that reads “current address and mobile phone number.”
Enough people don’t read these dialog boxes as it is, despite how invasive their permission requests may already be. Asking for personal, private information such as this should be better highlighted at the very least, critics said.
We’ve asked Facebook for comment on this issue, and will update if or when it responds.
Update: Below is Facebook’s official statement.
As an innovative company that is responsive to its users, we believe there is tremendous value in giving people the freedom and control to take information they put on Facebook with them to other websites. We enable people to share this information only after they explicitly authorize individual applications to access it. This system of user permissions was designed in collaboration with a number of privacy experts. Following the rollout of this new feature, we heard some feedback and agree that there may be additional improvements we could make. Great people at the company are working on that and we look forward to sharing their progress soon.
