New Threat to Privacy of Your Smartphone’s Address Book

by Mike Mintz on February 22, 2012

in Legal Technology, Web 2.0

Like it or not, if you have subscribed to a mobile social network through your smartphone, chances are your address book has been made available to other viewers and you weren’t even aware of it.

Recently, it came to light that the social network company Path, which allows its users to post personal journals to friends and family, had uploaded and stored its users’ iPhone address books.  Ironically, its website has this to say about its privacy policy: “Path is private by default. You are always in control of your moments and who can see them.”  To its credit, once Path became aware of the problem, it removed the data from its computers. However, the recent revelation regarding Path is hardly an isolated incident.

For example, eBuddy, an online messenger for MSN, Yahoo, Gtalk, Facebook, ICQ, MySpace and AIM (AOL), which allows its users to chat online anywhere, also uploads its subscribers’ address book, and it makes no bones about it. It defends the action, claiming that it is in its users’ best interests to do so. eBuddy claims that instead of requiring users to sign up, create a user ID, and go through all the other tiresome steps needed to join a social network, it uses a pre-existing database, i.e. the users’ address book.  eBuddy claims this is the only way to achieve this result in an efficient manner.  When a new user joins eBuddy, the contacts of pre-existing members are scanned to see if the new user features in any of their contacts.  If there is a match, both are sent an alert to connect to each other.

These thorny privacy issues are more relevant than ever, given the European Union’s new requirement, previously discussed here, that a user give informed and meaningful consent before his data is shared.  How can a user give informed and meaningful consent in situations like Path’s and eBuddy’s?  Furthermore, what data is considered personal, and therefore needs to be protected, and what data is not ‘private’?

One thing is certain: burying a consent in a voluminous end user license agreement, weighed down with obtuse language that could make your head spin should you even dare to try deciphering it, is insufficient to satisfy the European Union’s new privacy requirement.  European users have to be consciously aware of what they are relinquishing when they sign up for one of these social networking services.

In a delicious twist of irony, Apple, the big Daddy of apps, does not even follow its own privacy guidelines. These guidelines prohibit a user’s personal data from being used without his or her consent.  Apple does not, however, seek the user’s consent before using their personal address book, somehow implying that a person’s address book is not “personal”.

As critics point out, many of Apple’s apps require a user’s permission before using their personal data, so why not require a user’s consent before scanning their address book?

After coming under criticism for its selective application of its privacy guidelines, Apple recently clarified its position and asserted that apps that collect or transmit a user’s contact information without their permission are in violation of Apple’s guidelines, and that in the future, any app wishing to access a user’s contact data will need the user’s explicit approval first.

It will be interesting to see how the European Union and other jurisdictions will handle the privacy issues presented by the ever-growing field of new apps created by social networking sites.
