Facebook phone app collects non-users' contact information

A new Facebook feature for cellphones is providing the company with a record of personal information about people who don't use the social networking site.
A screenshot showing information about Facebook's Contact application.
A Facebook feature for cellphones is providing the company with a record of personal information about people who don't use the social networking site.

The Contacts application is offered for BlackBerrys, as well as for Palm- and Android 2.0-based phones. Once enabled on a user's phone, it allows Facebook to upload all the names, email addresses and phone numbers from the phone's contact list.

The purpose is to synchronize a user's cellphone address book with the information in their friends' Facebook accounts. Once the phone uploads its full contact list, Facebook's servers match the information with the profiles of current Facebook users. The application then downloads any missing content about a person's Facebook friends to the phone's address book, such as names, profile pictures, email addresses, phone numbers and birthdays.

The synchronization also gives Facebook a copy of the contact information from the phone for people who have never signed up for or used the social networking site.

In response to a July 16, 2009, report by Canada's privacy commissioner that found Facebook wasn't complying with some elements of Canadian privacy law, the social networking site agreed to make changes within a year in several areas:

  • Preventing games, quizzes and other applications developed by third parties from accessing information until it obtains express consent for each category of personal information. Users' friends will also be able to block applications from accessing their information. 
  • Making it clear to users that they can either deactivate or delete their accounts, whereby only deleting will remove the information entirely. 
  • Reminding users that they need to ensure they have the consent of non-users before sharing the non-users' email addresses with Facebook. 
  • Clarifying in its privacy policy that it will retain a user's profile after the user dies so friends can post comments and pay tribute.

"We store a copy of the [phone's] local address book on Facebook," confirmed Debbie Frost, director of global communications and public affairs at Facebook.

"The information is stored on Facebook servers to facilitate the matching algorithm, which is too heavy to run on the phone," Frost explained.

She added that in the process of uploading names, phone numbers and emails from a cellphone's contact list, Facebook is also storing information about non-Facebook users.

"If we waited to get that information as people joined Facebook or matched the contacts one by one, it would literally suck the [phone's] entire battery and cost a fortune," said Frost. "That's why we take them all," she said, referring to a phone's contact entries for both Facebook users and those without accounts.

The information about both Facebook members and non-users stays on Facebook's servers after the matching algorithm has run and the synchronization is complete. The company says it archives the information about non-Facebook users in case they eventually decide to sign up for a Facebook account.

"This information is not shared with any other user on Facebook and is not shared with any other third party," said Frost.

To completely delete the uploaded contact information that is kept on Facebook's servers, a user would need to remove the Facebook application from their phone, according to the company.  

"It's important to note that if you don't want Facebook to store that, or if you want to delete the feature, you can — and we delete the information," said Frost.  

Once the program has been removed from a smartphone, Facebook says it takes a few weeks for the information to be completely deleted from its servers.

Privacy issues

Facebook is used by 12 million Canadians and 200 million people worldwide. Earlier this year it came under fire for some of the ways it handles data collected and stored by its network. For example, Facebook shared its users' personal information with third-parties in a way that breached Canadian privacy law, according to a report by the Office of the Privacy Commissioner of Canada released July 16.

Facebook updated its privacy policy in October this year, with some changes based on recommendations filed by Canada's privacy commissioner.

The Office of the Privacy Commissioner of Canada is reviewing the new Facebook policy outlined on Facebook's website, according to Anne-Marie Hayden, a spokeswoman with the federal privacy commissioner. The privacy commissioner has not had a complaint about Facebook's Contact synchronization application, Hayden said.

She added that the commissioner has investigated another Facebook feature that lets members tag photos with the names of non-Facebook users. It was concluded that it was the responsibility of the member and Facebook itself to get consent from the non-member.