Yesterday I reported on Robert Scoble's attempts to scrape data from his Facebook account for import to another social networking service. That data turned out to be names, email addresses and date of birth. The social network was Plaxo Pulse.
From Scoble's blog:
What does it collect?
Names and email address and birthday.
Why those? Because it’s trying to connect Facebook names with names in its database.
For instance, it learned that of the 5,000 people in my Facebook account about 1,800 were already on Plaxo.
It did NOT look at anything else. Just this stuff, no social graph data. No personal information.
Why do this?
I wanted to get all my contacts into my Microsoft Outlook address book and hook them up with the Plaxo system, which 1,800 of my friends are already on.
It’s ironic that you can import your Gmail address book into Facebook but you can’t export back out.
Scoble is keen to point out that he wasn't attempting to export any "personal information", although as Nick Carr highlights, a date of birth can be considered as personal information (along with email address and even full name). That data has been exposed to Scoble for use on Facebook but does that give him the right to then expose it to other web services? Facebook users have agreed to put their data into Facebook but not Plaxo Pulse for example. In that context, it wasn't Scoble's data to scrape. It was each individual Facebook users' data, licensed to Facebook for access through the site by other approved Facebook users.
On the other hand, Scoble wasn't adding that information to Plaxo's database, merely checking his Facebook contacts' data against Plaxo's database to see which of his "friends" on Facebook already had accounts on Plaxo. Not dissimilar to the way many web services (including Facebook itself) "kindly" offer to import a user's email address book (such as that from a Gmail account) to make it easier to find existing contacts who use said service or even invite them to join. Without such a feature, Facebook would likely not have grown nearly as fast. An advantage it seems reluctant to give to others.
Marc Canter argues that if data portability is to be done properly, social networks or any service which invites users to submit contact data should give users opt-in controls...
that give every user the ability to control en masse (or maybe even on a case by case basis) - who can export their personal data (mainly email address) via a ‘friends list’ export.
While I agree with Canter, I'm skeptical of a vendor's ability to offer these kind of power features in a simple enough manner as to truly empower ordinary users - not just those who are tech-savvy enough and who already have a good grasp of the issues in the first place. I already find Facebook's granular privacy controls overly complex and poorly implemented from a usability perspective, and I know of many users who don't know that they exist at all. The answer, in part, requires helping users to improve their social networking literacy. The same might well apply to the privacy-related issue of data portability.