Responsibilities in using data about your friends
In an interesting article titled Scoble/Facebook Incident: It’s Not About Data Ownership, Ed Felton makes a useful point:
Where did we get this idea that facts about the world must be owned by somebody? Stop and consider that question for a minute, and you’ll see that ownership is a lousy way to think about this issue. In fact, much of the confusion we see stems from the unexamined assumption that the facts in question are owned.
Robert Scoble’s Facebook account was deactivated because he was running an alpha Plaxo-provided script to scrape his friend’s contact data from the site. Plaxo are an online address book company, who offer services such as syncing Outlook contact data between a person’s computers.
Facebook’s terms of service disallow the automated harvesting of data from their site, and they barred Scoble’s account for this reason. The rule is in place to protect people’s data, amusingly, as it is designed to stop the automated harvesting of data by scammers. More cynically, one can point out that it keeps the data within Facebook, ensuring people need to return to the site.
An argument put up against Facebook’s stance is that Scoble “owns” the data he was scraping. I agree with Ed that the “ownership” of the data here is a bad way to think about the problem. Even if the data is ownable, Scoble certainly doesn’t own it because it isn’t on his Facebook page: it is on the pages of his friends, meaning ownership is theirs if it is anybody’s.
There is a strong argument for the concept of ownership not being applicable in this context, for the data is neutral facts about a person. The data is, of course, sensitive as it is contact information, birthdays and so on about each person. But that it is owned? I’m not sure it’s possible to argue this.
I think this question isn’t really technical, but social, when you cut away questions of “ownership”. Stripped of ownership, the questions becomes far simpler and more difficult:
- Generally, is it socially acceptable to harvest data about other people from Facebook, where people have a reasonable expectation their data is used responsibly?
- In this case, was Scoble's activity responsible?
- Where should the line be drawn?
- In the corporate world, there are strong data protection laws; how and should the norms in that sphere be applied here?