This article was published on October 5, 2010

Has Facebook updated its ToS to allow developers to sell your data? [Updated: No]

Has Facebook updated its ToS to allow developers to sell your data? [Updated: No]

Updated at bottom of post. A database error is to blame for misinformation. Please see below for explanation from the EFF and TOSBack.

Well, as if the privacy concerns of using Facebook itself weren’t enough, apparently we’ll now have to worry about applications selling our data too. According to a post at TOSBack, Facebook has just updated its terms of service for application developers. While the majority of the changes are rather innocuous, the big news comes from a section talking about special provisions to developers.

On the left, the old version, and on the right the new:

As you can plainly see, Facebook has removed a section that assures that application developers will not “sell user data”. Further, it has removed a section stating that Facebook held the ability to force app developers to remove tat personal data if it was being used in a way that was “inconsistent with users’ expectations”.

However, as we’re digging, we’re looking at the Terms section on Facebook which still appears to reflect the previous version:

We all have certain expectations when we join a free site. We expect, realistically, that some of our data will be used for marketing purposes. However, Facebook (as with most sites) has protected its users somewhat from third-party intrusion. Facebook apparently is still doing this, but we wonder about where the TOSBack information came from.

We’re continuing to dig, of course, and will update with what we find. We’ve also contacted Facebook directly, and are awaiting a response. We’ve also contacted the Electronic Frontier Foundation, which is the parent of the TOSBack project.

Update: I got a reply from the Electronic Frontier Foundation stating that TOSBack had been undergoing some maintenance. As such, the page wasn’t displaying correctly. The problem with this, however, is that it was displaying exactly opposite as it should have been. The sections relating to selling data have in fact been added to the terms rather than being taken away from them. Here is a screenshot of the updated TOSBack page:

As further confirmation, here is a screenshot of the email that I was sent by Tim Jones of the EFF:

This is one of those times when I have to admit a case of mea culpa. In order to bring you news as we find it, sometimes we go out on a limb. If Facebook had indeed reversed its policies on application data privacy, it would have been huge news and it would have been imperative to get that news to you quickly.  However, in my haste, I published the information as I saw it at the time, while continuing to work on the story. As such, there was a delay in providing the right information. As I said – guilty as charged.

On a side note, kudos to both the EFF and Facebook are due. To the EFF for policing sites and keeping people informed (even when things go wrong) and to Facebook for taking a continued stance on the privacy of its users. Nicely done, on both accounts.