Facebook announced yesterday that they were adding the functionality for Application and Facebook connect developers to begin collecting email addresses of their users, in some cases event requiring the email address be supplied to access the application.
You can call me a pessimist but I have a feeling this opens a whole new can of worms for the Millions of Facebook users that are visiting and participating in the use of applications already – remember this: Zynga CEO Admits to Being a Scammer,The Makers of everyone’s favorite game “Farmville”. Would you trust a company that admitted to being “built on scams and spyware“? I sure wouldn’t, and as many applications are developed by small groups or individuals you likely don’t know much about… You really should be careful about what you share with them.
Another thing that is concerning about this announcement is the description about using and storing data – “Once the user has shared his or her email address with you, you can store it indefinitely, within CAN-SPAM Act regulations. If a user has already chosen to share a proxied email address with you via the extended permission, you can continue to email the user at that address“.
Facebook being a global community should set the bar higher for the use of these solutions as your “users” may not fall under the protection of CAN-SPAM opening up liabilities for the application developers. The idea being that only following CAN-Spam could potentially lead to an unintentional violation of any number of International Privacy (PIPEDA – data retention and permission – Canada) and Anti-spam laws (New Zealand and EU) that are unknown to small or inexperienced commercial email users.
My suggestions for collecting email from Facebook users:
- Only collect data with an Opt-in method – CAN-SPAM is an opt-out law, but many other countries require opt-in
- Don’t force users to register
- Set clear and easy to understand expectations about how the email address will be used
- If a user removes your application consider it an unsubscribe from the email program as well
- Add a database flag for the collection source, or use a separate list for Facebook email addresses, to distinguish collection sources in your House email file.
- Review international Spam and Privacy laws before assuming your OK to contact these individuals
- Make it simple for users to participate in using your Applications, and for them to easily suspend notifications via email.
Have your own suggestions/comments/thoughts… Please share them here in the comments.