Google Confirms Facebook Violation, No Personal Data Stored

Earlier this week I reported that applications were secretly transferring personal data to Google via their AdWords system and this was a clear violation of Facebook’s terms of service (TOS). It turns out that no personal data was being stored but some of the AdWords integration was in violation of Facebook’s TOS. Eric Eldon received a response from a Google spokesperson:

“We recently allowed some application partners to send us additional keywords to improve ad performance. A limited number of the keywords sent to Google did not comply with the developer’s agreement with Facebook. When we realized this conflict, we asked the partners to discontinue sending those keywords. We are no longer using those keywords. No personally identifiable information was exchanged between Google and the application developers.”

The fact that this information was leaking is definitely a problem with the Facebook platform. While it is a violation to store personally identifiable information of users that install your application, there is ultimately nothing you preventing from doing so. Additionally, as this case revealed, personal information could have theoretically leaked out even though it wasn’t exchanged in this instance. While I’m confident that Google was not intending to store the personally identifiable information, the bottom line is that the data was leaking out. This case helps reveal the issue but it definitely doesn’t appear to be an intentional violation by either the application developers or Google.