The WSJ did some nice investigative work uncovering how some of the most popular apps for a popular social networking site are sending user data to app makers, with at least one of the app makers selling that data. One piece of data is the user ID, which is public anyway. One of the apps, however, also sends friends lists. I suspect with some deeper digging, other apps are sending a lot more data. One of the app makers states that the collection was inadvertent. The social networking site states that hijacking an account is not possible with the user ID.
This leads us to the topic of governance. How does a social networking site put in place a governance mechanism to manage 550,500 applications? How do the app makers put in place a governance mechanism to ensure that data isn’t inadvertently collected? The app makers likely range from the small (most) to medium (some) to the large (very few).
The social networking industry is immature. That’s okay. It’s growing, and like any child, it’s going to fall and need some stitches on occasion (I think I read somewhere that 1/3 of the population has a scar under its chin from falling and being cut). But like any child growing up in a tough environment, you need to grow up somewhat quickly and learn a few basic rules of the road early.
First, I don’t think social networking sites really know their business. Nor do the app makers know their business. Social networking sites are licensing app makers left and right and app makers are designing and spitting out apps as fast as they can. Neither has any idea how to make money from their creation half the time. There is no discipline or organization to their approach. It’s time for both to impose some structure. Imposing structure doesn’t mean the end of change or adaptation. My five-year plan changes at least once a year; that’s life.
Second, these organizations need to grow up and put some governance in place with some teeth and resources. A large and well-known cloud provider entered into the social networking field by leveraging the data provided to it by its users in a different context. Reaction was swift and harsh because the data was gathered originally for a different purpose and relationships were made public that users may otherwise have wished to be kept private. I doubt if any privacy professionals were consulted on that! Here, we have apps being deployed that have not undergone any due diligence review either internally by their makers or by the social networking site. The FTC needs to move and make an example of some of these app makers to ensure that they are putting in place some governance. This social networking site, like any organization, needs to understand what use third parties are making of its platform.
This post is long enough, but we’ll get into some real nitty gritty on how to do this soon.