28

Is Facebook allowed to sell information about their users to other companies?

For example selling name, address and IP information on a specific geographic location could be very valuable information for competitive ISP's trying to win customers from each other.

According to Facebook's privacy help page it sais:

While you are allowing us to use the information we receive about you, you always own all of your information. Your trust is important to us, which is why we don't share information we receive about you with others unless we have:

  • received your permission;
  • given you notice, such as by telling you about it in this policy; or
  • removed your name or any other personally identifying information from it.

By registering at Facebook, have I already given my permission?

Chris Dale
  • 16,119
  • 10
  • 56
  • 97
  • 26
    Facebook is an US American company, which is a country with unbelievable poor privacy-protection laws. Facebook is doing many things that would be illegal for a German company according to the privacy advisor of the state Schleswig-Holstein and the national consumer protection minister. The state SH is preparing investigations against local companies and organisations which embed the Facebook plugins on their websites without a proper service provider agreement. (Facebook does not sign service provider agreements in compliance with German law at all) – Hendrik Brummermann Oct 31 '11 at 19:20
  • 3
    @ Hendrik Brummermann, plz post it as answer. I have irresistible urgency to upvote it – Gennady Vanin Геннадий Ванин Nov 02 '11 at 11:31

6 Answers6

31

There is a classic phrase:

"If you are not paying for it, you're not the customer; you're the product being sold"

In case of companies' liquidation, they openly sell their user databases on the internet as one of the liquidated assets.

Well, think this way. If Microsoft bought , say, Skype, had Skype sold its user database and what is the sense/value of Skype, or Facebook, without their user database?

Besides, online service companies, like Facebook, are functioning on the basis of license (terms of service, etc.) agreements with users not contracts.
That means that if one of the sides breaks it, this would constitute violation of copyright law not contract law.

Update:
Here is an excerpt from

  • Hundreds of websites share usernames sans permission.
    Photobucket, Wall Street Journal, Home Depot take liberties with your personal info
    http://www.theregister.co.uk/2011/10/11/websites_share_usernames/

    • "Home Depot, The Wall Street Journal, Photobucket, and hundreds of other websites share visitor's names, usernames, or other personal information with advertisers or other third parties, often without disclosing the practice in privacy policies, academic researchers said.

      Sixty-one percent of websites tested by researchers from Stanford Law School's Center for Internet and Society leaked the personal information, sometimes to dozens of third-party partners. Home Depot, for example, disclosed the first names and email addresses of visitors who clicked on an ad to 13 companies. The Wall Street Journal divulged to seven of its partners the email address of users who enter the wrong password. And Photobucket handed over the usernames of those who use the site to share images with their friends."

  • Your phone company is selling your personal data (CNN, Nov 1, 2011)

    "Verizon (VZ, Fortune 500) is the first mobile provider to publicly confirm that it is actually selling information gleaned from its customers directly to businesses. But it's hardly alone in using data about its subscribers to make extra cash"

  • Facebook is blurting out your private information
    no date but comments start on Oct, 2010, and the author regularly tweet this article (Nov, 2011)

    "... the moment you land into one of their [Facebook's] “trusted partners” sites, your personal information has just been given away"

I could not resist from visualizing the comment by Hendrik Brummermann from this answer here pointing to this image found on the web:
enter image description here

as well as to answer that answer by quote of "Privacy Zuckering" definition:

  • "The act of creating deliberately confusing jargon and user-interfaces which trick your users into sharing more info about themselves than they really want to."
    (As defined by the EFF).

    The term "Zuckering" was suggested in an EFF article by Tim Jones on Facebook's "Evil Interfaces". It is, of course, named after Facebook CEO Mark Zuckerberg

13

Yes - Facebook's customers are not you, me or other individuals, but companies. Individuals and their data are the product, not the customer.

Companies who provide a Facebook app can get any information about you that they want.

Facebook is allowed to provide this information to their customers - you can prevent it by never installing any Facebook apps, and ensuring all information privacy checkboxes are selected, but the defaults let your information go to all manner of companies in many countries!

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • "*Companies who provide a Facebook app can get any information about you that they want.*" - only if the uses chooses to provide it. Generally, Oauth scopes are limited to only the essential data. In Facebook terms, it's "basic profile info". In my opinion, if users don't care to read what they're authorizing, the consequences are their own. – Chris Cirefice Aug 15 '16 at 03:08
  • Chris - sadly not - see @DW's answer. – Rory Alsop Aug 15 '16 at 17:39
  • Well I suppose that this was in 2011 - lots of issues back then. Nowadays, at least with applications that I've built using Facebook, the restrictions are much more clear and concise. I'm not sure if that's because of the Oauth2 upgrade (in terms of sharing data with other applications). But of course they could still be violating their own privacy terms in different and more subtle ways... – Chris Cirefice Aug 15 '16 at 17:42
5

Note that the FTC recently filed a suit against Facebook alleging that Facebook had violated their own privacy promises. The FTC's suit was successful; Facebook settled and agreed to change their practices.

The FTC accused Facebook of violating their own public promises and privacy policy in multiple ways. The charges are rather remarkable. Among them:

  • "Facebook promised users that it would not share their personal information with advertisers. It did."

  • "In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance."

  • "Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used."

  • "Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need."

See the FTC complaint for further details.

Even today, after the FTC settlement, it is important to understand that any third-party application you install will potentially get access to a lot of information that Facebook has about you, even if you selected privacy options in an attempt to keep that information private. Those applications could sell that information to others.

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • 2
    +1 thanks, I just wanted to add that what most of all pisses me off, it is continuous changing, tricking, gambling of ToSes, rules, conditions in convoluted tricking ambiguous words by online "free" services. Even if I bother to spend my time to study them once, it is just a waste of time since conditions are being changed weekly. – Gennady Vanin Геннадий Ванин Nov 30 '11 at 19:00
0

There is nothing you can do about Facebook selling your data, like Hendrik Brummermann, WebMAOhist, etc. all said. There are however ways to prevent Facebook from learning quote so much about you.

I recommend that you install the browser plugin AdBlock+ and block facebook content from all non-facebook pages by adding these or similar custom rules :

||facebook.*$domain=~facebook.com|~127.0.0.1
||fbcdn.*$domain=~fbcdn.com|~facebook.com|~127.0.0.1

There is still an incredible amount of your information that Facebook will resell, but they won't know quite as much, especially what other websites you frequent.

Jeff Burdges
  • 837
  • 5
  • 9
  • Overall, I consider this answer misleading (and off-topic). IMO, under "Facebook" the questioner named appellatively just any online company (it is senseless to fight against all the internet). Otherwise, b/c of one isolated separate company, I wouldn't care to answer. It is also not the Facebook that is important but the business standards, ethics and status-quo established for others. In a competition of armor and bullet, the former always lags behind. Main:it is not technical problem and trying to solve it by technical means diverts possible solving of this problem into the wrong direction – Gennady Vanin Геннадий Ванин Dec 02 '11 at 03:24
  • 1
    Yes, the question is tagged legal, but scurity.SE is firstly a technical Q&A site, and this provides an immediate partial solution. Also, webbug blocking plugins like Ghostery do not currently block webbugs that add functionality, like Facebook chat, for obvious reasons. This probably needs to change. – Jeff Burdges Dec 02 '11 at 04:43
-4

I may be mistaken, but i was under the impression that FB cannot directly sell information about you, but they can sell trends of information that could relate to you.

Basically, similar to Patient-Doctor confidentiallity. The doctor can not give information which specifies your personal details, but can openly discuss "Patient X, male, middle-aged and lives in New York, suffers from Disease Y, with these conditions"

In that way, Facebook cannot sell information such as your name, sex, age, IP, etc. However, they can sell generalised information such as: "X% of female users, aged 18-20, from Tacoma, follow this trend, respond to certain posts, and frequently use the word 'Beiber'"

Having said that, FB can record all information about you, including the particulars mentioned above. This implies that there are a security issues in the case of a server breach, the information can be demanded legally (https://nakedsecurity.sophos.com/2011/11/15/divorcing-couple-ordered-to-exchange-facebook-passwords/), or down the line, they may sell that information.

I do not believe that people should avoid such social media sites, but should just be cautious of what is posted to a permanent record of your life.

Jason C
  • 251
  • 2
  • 16
  • 3
    Facebook is allowed to sell anything they tell you they are going to sell. They can change what they are going to sell, in theory, at any point. They are suppose to only sell stuff you made public, this is a simplification of the terms you agree to of course, they might or might not have followed this own agreement per the FTC agreement. – Ramhound Dec 01 '11 at 18:02
  • 2
    Well, this is the gist of this tricking - a user subscribes for one set of conditions that are later being changed for different ones RETROACTIVELY, UNILATERALLY, SNEAKILY (w/o notification, the user himself should track such changes) and without re-agreeing with another side of "agreement" (ToS). While this is status-quo in the internet established by big players (1st of all, Google, Facebook, etc.), in essence such tricksting is well-know ancient scam con scheme and fraud – Gennady Vanin Геннадий Ванин Dec 02 '11 at 03:37
-8

No , I don't think facebook sell personal information to anyone and no they are not allowed as stated in their policy. Facebook is really a big player which doesn't need to sell these infos of the their users to any company .What they do is they show targeted ads according to geographic location like if a company wants their ads to be seen by only American users then facebook arrange this without giving any info of their users. There is one case in which facebook will share personal information to any particular user, if Security Agencies like FBI , CIA asks for it.

  • 7
    [Facebook and you](http://i.imgur.com/WiOMq.jpg). – Hendrik Brummermann Nov 10 '11 at 10:20
  • 2
    Facebook does sell our data. They don't sell everything because if they did, there would be nothing to sell, if people even noticed. – Ramhound Nov 10 '11 at 17:23
  • The comment by @HendrikBrummermann I tweeted and it was one of the most re-tweeted of my tweets. – Gennady Vanin Геннадий Ванин Nov 30 '11 at 19:09
  • @Ramhound , it is not that important what they sell but how. The main issue is the flexibility, convenience, size/centralization of access and management of info what has the most value – Gennady Vanin Геннадий Ванин Nov 30 '11 at 19:09
  • @WebMAOhist - I agree. I was just pointing out that if Facebook sold everything, that they would have less data to sell, since all of the accounts would be deleted. This assumes even after the account information is deleted, your information is deleted, i am going to guess it won't bere since its Facebook's data. – Ramhound Dec 01 '11 at 18:05
  • @Ramhound , I'd better clarify my point. Hardly anyone cares about rare data (bit, bytes, gibberish digits and names) but about information, based on it, and its quality(updated,online,in real-time, cross-referenced, on big amount of data, etc). One can be the owner and sell information (the result of analysis, cross-tracking) without being the owner of the used data (collected by harvesting of public/free or owned by others data or users data of your online service). And vice versa, one can sell only (harvested rare) data. Or both data and information. – Gennady Vanin Геннадий Ванин Dec 02 '11 at 04:21
  • For ex., my client sent me 300 GB of bank records for data-mining (determining past trends and make statistical forecasts). Can I resell it if it is complete gibberish - nonsense field names under codes, any concrete data (personal names or geo names omitted), only their (obfuscated) symbolic IDentifiers with digits of depositing-withdrawal amounts, their dates + a giberish data under obfuscated codes of field names? An ocean (300 GBs) of nonsense alpha-numeric gibberish! But I can sell information based on it. Well,FB sells both data and high quality (on-line, updated, convenient) information – Gennady Vanin Геннадий Ванин Dec 02 '11 at 04:29