[fanso99]

I am not buying this. It's borderline victim-blaming. An informed consent must be required. Giving access to an app is not the same as sharing your password with them and explicitly allowing them to do anything they want. Saying that, even if you do share your password, the app should not be able to collect data on your friends without their consent.

There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation. The purpose, the scale, the incentives are different. We need to stop assuming that the rules should be the same for an individual and a business just because they use the same loophole.

[baeaz]

>An informed consent must be required.

While I don't know what the prompt exactly said, I bet it was specific enough. The fact that people just click Accept without reading it shouldn't make it less binding, that would be infantilising users.

>There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation.

I agree. And that company is not Meta. So I don't understand why Meta is paying. In any case all I said was that this is one of the reasons APIs are closed and everything is a silo.

[fanso99]

> While I don't know what the prompt exactly said, I bet it was specific enough.

An informed consent from users who's information is going to be collected. In this case it was the friends of the person signing up. Again, that's the only reason Cambridge Analytica was successful. They didn't have that many users, they collected a ton of data on the users' friends.

> I agree. And that company is not Meta.

Meta had an obligation to protect its users' data. It failed at that.

[baeaz]

>An informed consent from users who's information is going to be collected.

That consent was granted the day they accepted/sent the friend request. Once the friendship was established, the other user had access to the profile information. They can do with that information as they please, which includes giving it to a 3rd party. If it's illegal to do so, the parties at fault are the user who accepted the API access request and perhaps the 3rd party, but definitely not the medium.

>Meta had an obligation to protect their user's data. It failed at that.

If I go to your profile and take a screenshot, has Meta failed at protecting your data? What if a friend gives me their password or remote desktop access to their computer and I look at your profile? Should we fine Facebook?

[fanso99]

> That consent was granted the day they accepted/sent the friend request. [...] They can do with that information as they please, which includes giving it to a 3rd party.

Hm - no. If I accept a friend request I allow that user to read my profile but I do not authorize any 3rd parties to access it. If you show me any mention of 3rd party access in a friend request - I might change my view.

> What if a friend gives me their password or remote desktop access to their computer and I look at your profile?

You don't seem to make any distinction between a first/second party (me and my friend) and a 3rd party (CA accessing data through an API). In fact there is a difference that's very clearly defined in contract law, user agreements, etc.