[chki]

While I'm generally all for opt-in and free decision making I think some lines should only be crossed in special circumstances. Similarly to medical procedures that are only legal if the patient is very clearly informed about all potential risks (and that includes even those risks that are really not that probable) by an actual human being and not by just clicking on a button. In the case of Facebook they would in my opinion need to state very clearly that there is an albeit small risk of a breach and all collected data could be made public ("for example you employer might suddenly know which porn websites you are visiting or what people you have googled")

Big opt-ins require big explaining because people can only truly make free decisions if there is an actual effort to inform them about what is happening.

Edit: so maybe this is a bit extreme because I realize that this might similarly apply to (for example) phone manufacturers. I still think that actually analysing the traffic is a bigger risk than simply providing the phone/browser to generate the traffic because of the centralized target that is Facebook.