Salinger Privacy


Find your friends … and then invade their privacy

January 16, 2016, Stephen Wilson


The highest court in Germany has ruled that Facebook’s “Find Friends” function is unlawful there. The decision is the culmination of legal action started in 2010 by German consumer groups, and confirms the rulings of other lower courts in 2012 and 2014. The gist of the privacy breach is that Facebook is illegitimately using details of third parties obtained from members, to market to those third parties without their consent. Further, the “Find Friends” feature was found to not be clearly explained to members when they are invited to use it.

My Australian privacy colleague Anna Johnston and I published a paper in 2011 examining these very issues; see Privacy Compliance Problems for Facebook, IEEE Technology and Society Magazine, V31.2, December 1, 2011, at the Social Science Research Network, SSRN.

Here’s a recap of our analysis.

One of the most significant collections of Personally Identifiable Information (PII) by online social networks (OSNs) is the email address books of members who elect to enable “Find Friends” and similar functions. This is typically the very first thing that a new user is invited to do when they register for an OSN. And why wouldn’t it be? Finding friends is core to social networking.

New Facebook members are advised, immediately after they first register, that “Searching your email account is the fastest way to find your friends”. There is a link to some minimal explanatory information:

    • Import contacts from your account and store them on Facebook’s servers where they may be used to help others search for or connect with people or to generate suggestions for you or others. Contact info from your contact list and message folders may be imported. Professional contacts may be imported but you should send invites to personal contacts only. Please send invites only to friends who will be glad to get them.

This is pretty subtle. New users may not fully comprehend what is happening when they elect to “Find Friends”.

A key point under international privacy regulations is that this importing of contacts represents an indirect collection of PII of others (people who happen to be in a member’s email address book), without their knowledge, let alone authorisation.

By the way, it’s interesting that Facebook mentions “professional contacts” because there is a particular vulnerability for professionals which I reported in The Journal of Medical Ethics in 2010. If a professional, especially one in sole practice, happens to have used her web mail to communicate with clients, then those clients’ details may be inadvertently uploaded by “Find Friends”, along with crucial metadata like the association with the professional concerned. Subsequently, the network may try to introduce strangers to each other on the basis they are mutual “friends” of that certain professional. In the event she happens to be a mental health counsellor, a divorce attorney or a private detective for instance, the consequences could be grave.

It’s not known how Facebook and other OSNs will respond to the German decision. As Anna Johnston and I wrote in 2011, the quiet collection of people’s details in address books conflicts with basic privacy principles in a great many jurisdictions, not just Germany. The problem has been known for years, so various solutions might be ready to roll out quite quickly. The fix might be as simple in principle as giving proper notice to the people whose details have been uploaded, before their PII is used by the network. It seems to me that telling people what’s going on like this would, fittingly, be the “social” thing to do.

But the problem from the operators’ commercial points of view is that notices and the like introduce friction, and that’s the enemy of infomopolies. So once again, a major privacy ruling from Europe may see a re-calibration of digital business practices, and some limits placed on the hitherto unrestrained information rush.

 


© Salinger Consulting Pty Ltd
ABN 84 110 386 537
