Boycott Watch  
December 14, 2011
Facebook Apps Developer Zynga Acknowledges
Privacy Problems in IPO, Doesn't Tell App Users
Summary: Boycott Watch examines what Zynga (ZNGA) says about Facebook security, yet won't tell the people who trust them with their privacy.
    Boycott Watch has been reporting on Facebook privacy issues with applications. In this article we focus on what one Facebook developer says about security and whether it complies with its own policies. One such company, Zynga, has the following on its privacy policy page: "You can control and find out more about these settings at the SNS where you play our games."

   Boycott Watch points out this is not true. In our first report about privacy, we showed how Mob Wars, one of the Zynga games, requires detailed information that is not required by the game, whatsoever, and how one must agree to these terms to play the game. This image shows what Zynga demands in order to play the game. There is no reason, for example, for a game to need to publicly post a person's activity "and any other information I've made public." People have the right to not allow their personal activity at any given moment to be made public. Additionally, just because a person posts information, there is no reason a game developer needs to track it.

   We believe, therefore, this is completely inconsistent with Zynga policies. In fact, since you must agree and cannot change or select what you want to be made public in order to play the game, you inherently agree to zero control of the information Zynga states the consumer will have control over. Boycott Watch believes Zynga is acting inconsistently with its own policies.

   Recently, Zynga filed to become a publicly traded company, with the stock to be released December 16, 2011, so we looked at the official Zynga S-1 filing to the US Securities and Exchange Commission to see what they disclosed about the privacy of the information they collect.

   Page 14 of the Zynga IPO filing states, in the section titled "Risks Related to Our Business and Industry" the following: "Our business would be harmed if … Facebook changes how the personal information of its users is made available to application developers on the Facebook platform or shared by users."

   Page 24 of the same document includes: "…the Internet and mobile platforms have recently come under increased public scrutiny, and civil claims alleging liability for the breach of data privacy have been asserted against us. The U.S. government, including the Federal Trade Commission and the Department of Commerce, has announced that it is reviewing the need for greater regulation for the collection of information concerning consumer behavior on the Internet, including regulation aimed at restricting certain targeted advertising practices. In addition, the European Union is in the process of proposing reforms to its existing data protection legal framework, which may result in a greater compliance burden for companies with users in Europe. Various government and consumer agencies have also called for new regulation and changes in industry practices."

   Page 25 states: "We receive, store and process personal information and other player data, and we enable our players to share their personal information with each other and with third parties, including on the Internet and mobile platforms. There are numerous federal, state and local laws around the world regarding privacy and the storing, sharing, use, processing, disclosure and protection of personal information and other player data on the Internet and mobile platforms, the scope of which are changing, subject to differing interpretations, and may be inconsistent between countries or conflict with other rules. We generally comply with industry standards and are subject to the terms of our own privacy policies and privacy-related obligations to third parties…"

   Then "We strive to comply with all applicable laws, policies, legal obligations and certain industry codes of conduct relating to privacy and data protection, to the extent reasonably attainable. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to players or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other player data, may result in governmental enforcement actions, litigation or public statements against us by consumer advocacy groups or others and could cause our players to lose trust in us, which could have an adverse effect on our business. Additionally, if third parties we work with, such as players, vendors or developers, violate applicable laws or our policies, such violations may also put our players' information at risk and could in turn have an adverse effect on our business."

   Essentially, Zynga is saying they really cannot guarantee that the information they gather, meaning the private information about you, your friends and children, will remain private.

   Zynga further states: "The costs of compliance with these laws may increase in the future as a result of changes in interpretation. Furthermore, any failure on our part to comply with these laws may subject us to significant liabilities."

   Zynga, therefore, realizes there are "significant liabilities" in the possible release of your private information, yet we were unable to find those words on their website or any of the applications we looked at. Boycott Watch asks whether Zynga believes that consumers who give it access to their private information, and the information of their friends, should be aware of this policy.

   "The more we investigate how Facebook allows the free flow of your private information, the more questions we have," said Fred Taub, President of Boycott Watch. "Consumers have the right to know about and be able to control how their private information is used. While consumers may be offering up their private information without looking at the fine print, there is a large amount of information demanded that has nothing to do with the applications, not to mention how private information about your friends can be disclosed without their consent. Now we see companies like Zynga realize there are 'significant liabilities' in the potential release of your information, but have they told the consumers? We don't see that they have. Boycott Watch is very confused about the Zynga privacy policy.

    "Boycott Watch considers the words 'and any other information I've made public' in the Facebook App permission page to be extremely vague, as it allows Zynga to collect and store any information they want about you and your friends, all without telling you or asking for your specific consent. While Zynga is asking for far less information than other application developers, there is no reason Zynga and all app developers cannot be specific about what specific information they need, then allowing the consumers to be informed before making up their own mind about participation. It is also the choice of the application app user, not Zynga, to choose if and what activity may be publicly disclosed at any given time. Zynga also needs to be more forthcoming about what they are willing to tell investors about their security shortcomings, and to tell the same information to app users as they entrust Zynga with their private information."

   Fred Taub continued: "Boycott Watch made several attempts to contact Zynga before posting this article, but they declined to comment. As such, Boycott Watch sees no reason anyone should trust Zynga with the security of their private information; nor for that matter trust Zynga with information about, and therefore the security of, children. At the same time Facebook needs to enforce its own privacy policies as related to application developer access to private information. Facebook needs to protect the privacy of its members. Period."

Boycott Watch will continue to post follow-up stories.

Previous reports:

December 12, 2011
Facebook Apps Database Helps Identity Theft and Terrorists

December 9, 2011
Facebook App Violates Privacy by Demanding & Releasing Personal Information About You & Others To Third Parties

 ©2003-2011 Boycott Watch