Facebook apps to need permission before using profile data

Posted by Emma Woollacott

Facebook's really keen on privacy these days, and it's now rolled out a feature requiring outside applications and websites to make it clear to users which parts of their profiles are being shared.

Apps previously had only to ask permission to use any profile information which wasn't public. This meant that, for many people,  email addresses, birthdays and photos were all fair game, without the user necessarily being aware. Around 70 percent of Facebook users use external apps in any given month.

However, users won't be able to pick and choose which pieces of information they share. It's an all-or-nothing decision, and clicking 'no' will simply mean that the user can's access the app.

"To access the private sections of your profile, the application has to explicitly ask for your permission," explains chief technology officer Bret Taylor on the company blog.

"For example, JibJab is an interactive greeting card website that needs access to my photos and my friends' birthdays and photos so I can create personalized greeting cards. Based on the new model, JibJab must specifically ask for that information."

The new feature comes as part of the major changes to Facebook's privacy policy announced in April, and at the particular instigation of privacy officials in Canada.

The Center for Democracy and Technology (CDT) has welcomed the move, suggesting that it may curb the desire of some app developers to know your shoe size and sexual preferences before deigning to let you use their products.

"Now that they have to be transparent about what types of data they are collecting, application developers may think twice before asking for access to information in excess of what they need to deliver their advertised product," says CDT policy analyst Erica Newland.

She also approves of a new requirement for developers to provide an easily-accessible mechanism by which users can request deletion of all personal data that an application has received from Facebook.

"While it will be impossible to enforce this requirement in full, Facebook will be able to hold accountable those applications that operate in violation of the policy and that come to the company’s attention, either through spot checks or complaints," she says.