Facebook has told Congress repeatedly and in no uncertain terms that its sharing of user IDs with third-party applications is not a breach of privacy, but is instead "critical" to Web surfers' ability to tap into "innovative, social experiences" from thousands of companies delivering value to millions.
But it did say it was taking steps to prevent third parties from sharing that info with data brokers and ad companies, which is already a violation of its policies.
That came in a response to Reps. Joe Barton (R-Tex.) and Ed Markey (D-Mass.), co-chairs of the House Privacy Caucus, who had sought answers to a bunch of questions after The Wall Street Journal reported that Facebook IDs were showing up in the referrer URLs of third-party applications.
Barton thanked the company for its prompt response, but said that Internet privacy policies would be "in the crosshairs" in the next Congress.
However, Facebook said that the newspaper's uncovering of the "inadvertent sharing" of those user IDs by third parties was an issue of legitimate concern, though it also noted that, at most, the ID enables access to info that a user has already agreed to make publicly available.
IMarne Levine, vice president of global public policy, said Facebook is already developing a mechanism "that will prevent UIDs from being transmitted to applications via URL, and which, in turn. will prevent the inadvertent passing of UIDs via referrer URLs." In response to this being an industry-wide problem -- the WSJ in a follow-up report made that point, according to Levine --Facebook is preparing "to launch an industry-wide initiative to equip browsers with privacy controls that would prevent such inadvertent passing of information."
Levine told the Congressmen that Facebook does not benefit financially from any information sharing between third-party applications and ad or Internet tracking companies, and that its policy expressly prohibits that sharing. She also said the "handful" of third parties that were intentionally sharing user IDs with data brokers had been dealt with and that the data would be deleted.
She said as far as the company knew, no data related to any user, minor or otherwise, was breached via the referrer URLs, which includes the sensitive medical and financial information that legislators are particularly concerned with protecting.
"It's good that Facebook was in a hurry to respond to our concerns, but the fact remains that some third-party applications were knowingly transferring personal information in direct violation of Facebook's privacy promises to its users," said Barton in a statement.
Barton is ranking member of the House Energy & Commerce Committee and would like to be its next chairman. "Millions of people put their information into the hands of Facebook and services like it because they believe what they're told about walls protecting their privacy," he added. "I want the Internet economy to prosper, but it can't unless the people's right to privacy means more than a right to hear excuses after the damage is done."
"No one likes being friends with someone who invades their privacy," Markey added.