Yesterday the Financial Times reported that European privacy regulators may place tighter restrictions on the type of personal data that’s shared with third-party developers. The argument is that users don’t understand what information is being sent when they install an application. One US privacy advocate in the article is quoted, “Users don’t know their information is being collected and used.” While I’m not quite sure about what users are aware of, it’s also clear that the privacy advocates don’t have a clear understanding of how things currently function.
Privacy is extremely important to Facebook, who has developed some of the most robust privacy settings for any social platform. This won’t stop privacy experts from investigating the service further to determine whether or not stricter regulations are necessary. While Facebook’s settings are robust, there is nothing preventing developers from caching data indefinitely, something that some of the banned ad networks had been doing.
Who ends up being responsible for the data once accessed through Facebook’s API though? Currently Facebook already has enough challenges monitoring all the activity of their platform developers. Should regulators monitor the platform developers or should Facebook and other services offering APIs that contain personal data be forced to regulate it themselves? From a business perspective, I would imagine that Facebook would lobby against any form of regulation are regulation typically means increased costs.
While new regulations don’t appear imminent for the time being, the investigation of Facebook’s current practices suggests that there could soon be changes. As Facebook expands their reach via Connect, the service is rapidly becoming an identity platform. As an identity platform privacy will continue to be one of the biggest issues for Facebook. Do you think there should be regulation for API providers that include personal data?