Facebook's latest move to automatically share user data with certain third-party sites, without specific permission from users, has critics ablaze, according to reports.
The social networking site announced in a blog post over the weekend that it would allow a list of "pre-approved" third-party Web sites to access user data from Facebook, such as names, profile pictures, gender, user IDs and friend connections.
Facebook will share information tagged by users under "Everyone" privacy setting, said the blog post.
However, critics say this causes a problem because Facebook sets "Everyone" as a default setting across all privacy fields, automatically data from users who may not be aware they have to manually turn this off, to be shared with the pre-approved third parties.
According to reports, Microsoft's researcher Danah Boyd said during her SXSW keynote earlier this year that most users were unable to break down the jargon on their Facebook privacy settings. She said in her experience, every user she has explained these settings to had mismatched expectations of what data they were giving the site permission to reveal.
Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), told the Financial Times over the weekend that the watchdog, which in December last year filed a complaint with the U.S. Federal Trade Commission against Facebook, may consider filing another or amending the existing one.
EPIC's previous complaint was triggered by the automatic "Everyone" setting, which Facebook first implemented in June last year.
The Canadian Privacy Commissioner last July also dished out several recommendations to fix "serious privacy gaps" on Facebook, which the social networking site responded last August by tightening up its privacy settings to allow users finer control over data that third-party sites can access.
The social network's latest policy echoes its efforts with Facebook Connect, a universal log-in API that allows users to log into third-party sites with their Facebook identities.
Facebook has often come under strong criticism over its privacy policies, including the site's Beacon service. Launched in 2007, the service sent data from Web sites to Facebook and was intended to allow for targeted advertising on the social networking site. It also published user activity on third-party sites to Facebook's news feed.
After a class action lawsuit was filed, Facebook shut down the service in September 2009 and proposed a US$9.5 million settlement to fund online privacy causes. The proposal was approved in court last week.