> However, Facebook does have the obligation to not share info of users who didn't explicitly consent to it with third party apps
But Facebook is not sharing info of users' friends. Users are sharing information about their friends.
If a user should not be able to access particular information about their friends, then the onus is on Facebook to restrict that access. It was Facebook's fault for exposing excessive data to users' friends during the Cambridge Analytica scandal and it's their fault for doing the same thing now.
Facebook needs to clean up their own mess instead of suing research groups for taking advantage of it.
>It was Facebook's fault for exposing excessive data to users' friends during the Cambridge Analytica scandal
I don't follow this logic at all. The data shown to users' friends is the same data that is shown to them now. Which is usually all their public photos (nothing from private albums), the friend list (if they didn't make it private), etc., only the stuff that friends are expected to be able to access (and still can). And on the list of permissions on the permission request page, the app had a separate line for "friends' info" specifically (just like it has for every single permission requested), so there was nothing sneaky about it. The CA app asked users to provide them the same data about their friends that they can see in the browser by visiting their friend's page (and page only, nothing private or your messages with them; basically, only the info that everyone in the same security group that you are in sees). The exact same set of data that the browser extension this whole thread is about is accessing.
With that error corrected, it sounds like you are arguing for the case that FB was not at fault during the CA scandal because of all those logical reasons you brought up, and then conclude that FB was at fault and CA was in the clear.
I am reserving my own judgement on who was at fault, but I hope you can see why your reply left me (and likely some other people) confused.
As a cherry on top, CA didn't acquire the data directly from the app, as it wasn't their app. They got the data later on from a research team at Cambridge University's Psychometrics Center, which was the one originally collecting it. Sounds eerily similar to the scenario at hand.
Facebook created a platform which allows users to access information about others users who have agreed to be "friends". A third party then came along and asked users for the information which their friends gave them access to. The users gave the third party the data.
I'm not missing anything here, right?
If the third party should not have access to the data, then neither should the friends who gave it to them. Facebook is responsible for allowing the users access to the data.
If users should have access to the data, then it's the friends' fault for agreeing to be Facebook friends with those users in the first place. Alternatively, it's Facebooks fault for not making it clear what data is made available to friends.
Either way, I don't see how this is a problem with thr research group.
I guess you could argue that the data was still technically owned by the friends and therefore the users had no right to give it away. In which case the fault belongs to the users.
>Either way, I don't see how this is a problem with thr research group.
Which is a valid take, not trying to say that your logic doesn't make sense. It does. But it is literally no difference in terms of what happened during the CA scandal, so all the same rules apply here. If you are ok with this group of researches and think they did nothing wrong, and that FB should have let them have the data, then the CA situation was a perfect happy road scenario for you. Because in that case, CA just got that data, and FB didn't stop them. Win-win, right?
Also, regardless of how valid this take is, FB was ordered by FTC to prevent third party sharing of friend data like that from happening. So FB's hands are kinda tied on this one.
Exactly, the FTC order asks FB to prevent data about someone from leaving FB's servers and go into a third party's database unless that person explicitly allows it.
But Facebook is not sharing info of users' friends. Users are sharing information about their friends.
If a user should not be able to access particular information about their friends, then the onus is on Facebook to restrict that access. It was Facebook's fault for exposing excessive data to users' friends during the Cambridge Analytica scandal and it's their fault for doing the same thing now.
Facebook needs to clean up their own mess instead of suing research groups for taking advantage of it.