For example, eBuddy, an online messenger for MSN, Yahoo, Gtalk, Facebook, ICQ, MySpace and AIM (AOL), which allows its users to chat online anywhere, also uploads its subscribers’ address book, and it makes no bones about it. It defends the action, claiming that it is in its users’ best interests to do so. eBuddy claims that instead of requiring users to sign up, create a user ID, and go through all the other tiresome steps needed to join a social network, it uses a pre-existing database, i.e. the users’ address book. eBuddy claims this is the only way to achieve this result in an efficient manner. When a new user joins eBuddy, the contacts of pre-existing members are scanned to see if the new user features in any of their contacts. If there is a match, both are sent an alert to connect to each other.
These thorny privacy issues are more relevant than ever, given the European Union’s new requirement, previously discussed here, that a user give informed and meaningful consent before his data is shared. How can a user give informed and meaningful consent in situations like those involved in Path’s and eBuddy’s situations? Furthermore, what data is considered personal, and therefore needs to be protected, and what data is not ‘private’?
One thing is certain, burying a consent in a voluminous end user license agreement weighed down with obtuse language that could make your head spin, should you even dare trying to decipher it, is insufficient to satisfy the European Union’s new privacy requirement. A European user has to be consciously aware of what he or she is relinquishing when they sign up for one of these social networking services.
In a delicious twist of irony, Apple, the big Daddy of apps, does not even follow its own privacy guidelines. These guidelines prohibit a user’s personal data from being used without his or her consent. Apple does not, however, seek the user’s consent before using their personal address book, somehow implying that a person’s address book is not “personal”.
As critics point out, many of Apple’s apps require a user’s permission before using their personal data, so why not require a user’s consent before scanning their address book?
After coming under criticism for its selective application of its privacy guidelines, Apple recently clarified its position and asserted that apps that collect or transmit a user’s contact information without their permission is in violation of Apple’s guidelines, and that in the future, any app wishing to access a user’s contact data will need the user’s explicit approval first.
It will be interesting to see how the European Union and other jurisdictions will handle the privacy issues presented by the ever growing field of new apps created by social networking sites.