Facebook has been pilloried for not caring enough about our privacy. But now they face a call to offer data portability, something that could, if not carefully designed, compromise the privacy we so wanted last year.
Facebook disabled blogger Robert Scoble’s account after he ran automated scripts against the site. The site’s Terms of Service say that you agree not to “use automated scripts to collect information from or otherwise interact with the Service or the Site.”
The general consensus seems to be that this was Scoble’s data and so he should be able to do whatever he likes with it. But that information he’s trying to get wasn’t all his. Apparently he wanted information about his “social graph”: the friendships he has recorded on Facebook and profile data about those friends.
Even if Scoble’s Facebook friends agreed to let him view their data on Facebook, they didn’t agree to let him take that information wherever he wants to do with what he wants. He could use a screen scraping program to grab data that they consider just-among-friends and stick it out in public without any regard for their privacy settings. You might say, “Scoble wouldn’t do that” but it’s Facebook’s responsibility to see that it doesn’t happen.
Data portability could be designed into Facebook in such a way that it doesn’t compromise user’s privacy. At the very least, an opt-in to profile sharing outside Facebook would need to be provided. Allowing uncontrolled screen scraping is not the answer.