[bigB]

You have consented to your friend having your data in his phonebook...it has nothing to do with Facebook. Its like saying that if your money is in a bank, and that bank gets robbed then the theives are responsible for you getting your money back, not the bank. You as a third party have no recourse on Facebook, but you should against your friend who shared the phonebook with consent

As for the grandma analogy, you indeed did consent to your data being shared, as thats what you agree to as being part of Facebook

[jschwartzi]

The problem is that the world you're arguing for is one where I get all my friends to sign a contract before I give them my personal details. Nobody wants that, not even in exchange for whatever Facebook provides. It's a perverse expectation rooted in some kind of idea that all human exchange must be regulated by some contract.

And thieves are indeed liable for returning money.

[lopmotr]

It doesn't have to be a contract, it can just be trust, of the same type that people use to tell friends their personal feelings or whatever. If you know someone's who's a gossip, they might be fun to talk to but you wouldn't tell them you cheated on your wife because you don't trust them in that way.

[jschwartzi]

So in other words no different from my expectations today.

[Zarel]

But what's the real answer?

Imagine my friend writes down my phone number in his iPhone's contacts list, and then installs an app – let's say some random game. The game asks for permission to access contact info, which my friend grants because he's careless. The game steals contact info and does various nefarious things with it.

In this analogy, Facebook is Apple, and Cambridge Analytica's app is the phone game. I don't think there's a good solution to this problem, except to make it harder for third-party apps to access contact information, which both Facebook and Apple have been doing.

[jschwartzi]

Or make it illegal to harvest this type of information without express consent from the first party. Meaning that in order for the game to gather the contact info it must ask everyone in your contacts list if it's okay.

It doesn't stop your friends from oversharing but it creates a contract between you and the party requesting your information so there's now some legal recourse for how they use your data. And if the law creates liability for app distributors to ensure apps follow the law then Google and Apple are now on the hook for allowing violations.

[Zarel]

So then would it be impossible for me to write down your phone number in my phone, without my phone's contact list app asking you for permission first? That seems kind of excessive.

[jschwartzi]

In my first post above I am arguing against this. So no.

What I am arguing for is that it should be against the law for third party apps to copy your contact details from someone else's phone without your permission.

[whyever]

How do you make someone liable for returning privacy?

[michaelt]

  As for the grandma analogy, you indeed did consent
  to your data being shared

I didn't do the quiz, though - so I didn't get the "Allow Access?" prompt [1] where I consented to share my data with the quiz company.

Is Facebook saying that consent form is irrelevant, and they're entitled to share your data with new companies without showing you that form to get your consent? If so, that seems like the kind of deliberately deceptive approach to that gets people asking for GDPR.

[1] https://jibjabbloggedyblog.files.wordpress.com/2010/06/34454...