Facebook’s alleged data misuse hit the headlines (again) on Thursday as Business Insider revealed that the company had “harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.” The privacy breach came to light when a security researcher questioned why Facebook was asking for email passwords when new users signed up with the platform. “Business Insider then discovered that if you did enter your email password, a message popped up saying it was ‘importing’ your contacts, without asking for permission first.”
In addition to the obvious data misuse implications, for a commercial platform to request a password for a separate application breaks every security protocol imaginable. Forgetting the contact details that were then harvested, such a security breach would have left the email content itself open to misuse. The irony is that this concern will be dismissed because it’s Facebook with the company’s unique scale and reach. And yet it’s Facebook that has lost significant user trust in recent months. If the company was prepared to download contacts without permission, why would it not also metadata tag email content inside those third-party services for commercial advertising purposes?