That consent is contained in the TOS that you and all of your friends agreed to when you signed up for Facebook. Further, the access to friend data has always been more limited than you imply here, and more recently, it’s become so limited that using apps for data collection about friends is almost a pointless endeavor.
"Well duh, it says it right there in section 37, paragraph 12, in dense legalese – how could anyone be surprised?"
Perhaps the very best thing that could come out of this is an end to the longstanding legal fig leaf of lengthy, complex legal documents presented as click-through agreements somehow constituting "informed consent."
I fully agree with this, there should be laws that enforce TOS length and legibility for those who didn't take the bar exam or had their personal counsel available before clicking I Agree.
Or create a universal TOS where service creators can just check off various options, in the same way that Creative Commons created a universal copyright licensing agreement.
This is the only reasonable way I can see going forward.
I recall reading once that a person would need a lifetime's worth of time (50 years? 80?) just to read and understand the legal ramifications of the contracts and TOS he or she must agree to in order to use software.
Clicking "I agree" is probably the most obvious and common lie told by humanity today. Something has to change.
I mean terms of service are not that hard to read. Facebook's TOS is only 4k words long. It is not particularly dense or full of legalese. I have written source code comments a tenth that length for a single function. That is not many words to describe the plethora of implications of using their service.
Go ahead and have a glance at it. What would you remove from it that wouldn't cause a significant gap?
Some example clauses:
> For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
(They have to put this. If they didn't, they would get sued by someone who shared a video and then was mad that other people could see it.)
> Facebook users provide their real names and information, and we need your help to keep it that way. Here are some commitments you make to us relating to registering and maintaining the security of your account:
>
> You will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.
(Not exactly dense legalese. It is good to ban impersonation, and it is right that they should include such a ban in their terms.)
> We’ll notify you before we make changes to these terms and give you the opportunity to review and comment on the revised terms before continuing to use our Services.
(Seems reasonable to me. Many years ago, people used to complain that the terms changed without notice, so FB committed to not doing that any more.)
I don't know. This whole "terms of service are impossible to read except by a lawyer" meme just doesn't hold water for me.
Great. So far so good. Where was the part where I agreed they could harvest my profile information because a friend filled out a quiz/questionnaire/etc.?
> When you use an application, the application may ask for your permission to access your content and information as well as content and information that others have shared with you. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, including how you can control what information other people may share with applications, read our Data Policy and Platform Page.)
You gave access to your friends, who then authorised access to the application.
Let's see what the readability of the FB TOS is, using a random Googled analyzer, in this case https://readable.io:
Readability Grade Levels
A grade level (based on the USA education system) is equivalent to the number of years of education a person has had. A score of around 10-12 is roughly the reading level on completion of high school. Text to be read by the general public should aim for a grade level of around 8.
Flesch-Kincaid Grade Level 12.6
Gunning Fog Index 13.9
Coleman-Liau Index 11.8
SMOG Index 14.9
Automated Readability Index 12.4
Average Grade Level 13.1
The whole point is that you cannot meaningfully consent to give out information about your friend since they’d have to consent to that. Even acknowledging they exist and are your friends is already information. To make matters worse, the v1 API would happily hand out information about your friends, such as their likes without _their_ consent. Not your privacy is breached - theirs is. And there’s no way user A can meaningfully consent to have user B’s information exposed.
That's just not how it works. Apps could for example request access to all messages. Let's make that a physical world example: I write you a letter that contains private details. Are you free to share this letter with third parties? The established legal precedent is clearly "no, not at all." Another example: I allow you to peek into my diary. I shared my private thoughts with you. Are you now allowed to go out and trumpet those out in the world? No, not by any standard. So the default assumption is that things shared privately are private, not public. There are cases where a higher good allows to breach that assumption, but "financial gain" has never been accepted as a higher good in such cases.
Failing to honor that assumption is Facebook's fault here.
Actually, that is how it works. Unless there is an NDA in place between you and me, I can share anything you choose to share with me, especially in the context of a social network where we both agreed to and are bound by the same TOS where we authorized exactly this kind of sharing.
There is a setting to globally disable and enable all apps. If you disable it, no apps can see you, even if your friends use the app. Facebook actually has tons of settings - discoverability is a big problem.
And they change all the time, often resetting defaults. And without notice. Playing “respect my privacy” whack-a-mole with a billion dollar company grows old quickly.
“... the planning charts and demolition orders have been on display at your local planning department in Alpha Centauri for 50 of your Earth years, so you’ve had plenty of time to lodge any formal complaint and it’s far too late to start making a fuss about it now. ...”
This will hopefully be a learning experience for everyone - consent doesn't make something right, nor will it prevent legal investigations and implications. In addition, I'd assume less than 0.1% of users read any TOS.
The point is that Facebook disclosed to you that this might happen. Failing to read the TOS is not the same as not having been informed. If you fail to read your mortgage contract but sign it anyway, you’ll still lose your house if you don’t live up to the terms. And for the record, the friend data that Facebook makes available to apps is far from “all” of it, especially nowadays.
In Australia, people who work for organisations that sell mortgages have a professional duty they're required to perform by explaining to you, to your face, in simple terms, what certain parts of the contract mean and what obligations each party has, and sign off that they are satisfied that you understand.
I don't recall that ever happening when a TOS was displayed on any of my electronic devices.
In EU all sorts of EULAs are invalid almost by definition and have proven time and time again that they don't stand up in court. Terms of any contract have to be reasonable - if your mortgage has a clause that says "the bank can terminate your mortgage for displaying flower pots on the north side of the building" that would 100% not stand up in court. Yes, you agreed to it, but it's not a reasonable clause.
> access to friend data has always been more limited than you imply here, and more recently, it’s become so limited that using apps for data collection about friends is almost a pointless endeavor.
Not sure what was limited, but you were able to get name, age, location, gender, photo, categories set (the profile stuff that I don't think many use any more), and other info. That seems more than enough to start building a profile on someone that you have no relationship with. Particularly if you're able to collect in quantity and join the dots.
> more recently, it’s become so limited that using apps for data collection about friends is almost a pointless endeavor.
I was aware it had changed some, but not when or how much. You seem to agree that it used to be useful for data gathering on friends.
That's less than ideal when most of us have connections to teen, and elderly, relatives who might be insufficiently suspicious of a fun questionnaire. To over-generalise a little, neither group is renowned for tech awareness.
When I click a button that says I agree to share my data with a third party app, I am also clicking it on behalf of all of my friends. Where in the TOS does it say that?
> When you use an application, the application may ask for your permission to access your content and information as well as content and information that others have shared with you. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, including how you can control what information other people may share with applications, read our Data Policy and Platform Page.)
How can you give consent to share with a third party what I have shared privately with you? Just because the TOS says so doesn’t make you exposing my private information consentful.
Look at the example of what LinkedIn and WhatsApp and all its ilk does: I don’t want to be on those platforms. But friends upload their address books all the time, so I’m fairly sure they all have a full view of my social connections. How and where did I agree to that? How can my friends meaningfully consent to that on my behalf?
Once again, your friends agreed to the possibility of this happening when they agreed to the TOS. I’m on my mobile phone right now, so I won’t be combing through the TOS looking for the specific clause atm. Maybe in an edit later. But it’s there.
In the US you are unable to enter a legally binding agreement if you are intoxicated... Users who aren't reading anything, just ticking a box with a mouse click and hitting next, defeat the purpose of a legally binding agreement.
If both parties aren't all committed or informed, this is similar to an intoxicated person entering a legally binding agreement.
These so-called "clickwrap" or "browser-wrap" agreements have definitely been found to be enforceable. However, the details of exactly how the agreement was presented and what the user had to click can affect their enforceability.