| Boycott Watch has been reporting about Facebook privacy
issues with applications. In this article we focus on what one Facebook
developer says about security and if they comply with their own policies. One
such company, Zynga, has the following in
page: "You can control and find out more about these settings at the
SNS where you play our games."
Boycott Watch points out this is not true. In our first
report about privacy, we showed how Mob Wars, one of the Zynga games,
requires detailed information that is not required by the game, whatsoever, and
how one must agree to these terms to play the game. This image shows what Zynga
demand in order to play the game. There is no reason, for example, for a game
to need to publicly post a person's activity "and any other information
I've made public." People have the right to not allow their personal
activity at any given moment to be made public. Additionally, just because a
person posts information, there is no reason a game developer needs to track
We believe, therefore, this is completely inconsistent with
Zynga policies. In fact, since you must agree and cannot change or select what
you want to be made public in order to play the game, you inherently agree to
zero control of the information Zynga states the consumer will have control
over. Boycott Watch believes Zynga is acting inconsistently with its own
Recently, Zynga files to become a publicly traded company,
with the stock to be released December 16, 2011, so we looked at the
official S-1 filing to the US Securities Exchange Commission to see what
they disclosed about the privacy of the information they collect.
Page 14 of the Zynga IPO filing states, in the section titled
"Risks Related to Our Business and Industry" the following: "Our
business would be harmed if
Facebook changes how the personal
information of its users is made available to application developers on the
Facebook platform or shared by users."
Page 24 of the same document includes: "
Internet and mobile platforms have recently come under increased public
scrutiny, and civil claims alleging liability for the breach of data privacy
have been asserted against us. The U.S. government, including the Federal Trade
Commission and the Department of Commerce, has announced that it is reviewing
the need for greater regulation for the collection of information concerning
consumer behavior on the Internet, including regulation aimed at restricting
certain targeted advertising practices. In addition, the European Union is in
the process of proposing reforms to its existing data protection legal
framework, which may result in a greater compliance burden for companies with
users in Europe. Various government and consumer agencies have also called for
new regulation and changes in industry practices."
Page 25 states: "We receive, store and process personal
information and other player data, and we enable our players to share their
personal information with each other and with third parties, including on the
Internet and mobile platforms. There are numerous federal, state and local laws
around the world regarding privacy and the storing, sharing, use, processing,
disclosure and protection of personal information and other player data on the
Internet and mobile platforms, the scope of which are changing, subject to
differing interpretations, and may be inconsistent between countries or
conflict with other rules. We generally comply with industry standards and are
subject to the terms of our own privacy policies and privacy-related
obligations to third parties
Then "We strive to comply with all applicable laws,
policies, legal obligations and certain industry codes of conduct relating to
privacy and data protection, to the extent reasonably attainable. However, it
is possible that these obligations may be interpreted and applied in a manner
that is inconsistent from one jurisdiction to another and may conflict with
other rules or our practices. Any failure or perceived failure by us to comply
with our privacy policies, our privacy-related obligations to players or other
third parties, or our privacy-related legal obligations, or any compromise of
security that results in the unauthorized release or transfer of personally
identifiable information or other player data, may result in governmental
enforcement actions, litigation or public statements against us by consumer
advocacy groups or others and could cause our players to lose trust in us,
which could have an adverse effect on our business. Additionally, if third
parties we work with, such as players, vendors or developers, violate
applicable laws or our policies, such violations may also put our players'
information at risk and could in turn have an adverse effect on our
Essentially, Zynga is saying they really cannot guarantee the
information they gather, meaning the private information about you, your
friends and children will remain private.
Zynga further states: "The costs of compliance with
these laws may increase in the future as a result of changes in interpretation.
Furthermore, any failure on our part to comply with these laws may subject us
to significant liabilities."
Zynga, therefore, realizes there are "significant
liabilities" in the possible release of your private information, yet we
were unable to find those words on their website or any of the applications we
looked at. Boycott Watch asks if Zynga believes consumers giving them access to
their private information, and the information of their friends, should be
aware of this policy.
"The more we investigate how Facebook allows the free
flow of your private information, the more questions we have" said Fred
Taub, President of Boycott Watch. "Consumers have the right to know about
and be able to control how their private information is used. While consumers
may be offering up their private information without looking at the fine print,
there is a large amount of information demanded that has nothing to do with the
applications, not to mention how private information about your friends can be
disclosed without their consent. Now we see companies like Zynga realize there
are "significant liabilities" in the potential release of your
information, but have they told the consumers? We don't see that they have.
Boycott Watch considers the words "and any other
information I've made public" in the Facebook App permission page to be
extremely vague, as it allows Zynga to collect and store any information they
want about you and your friends, all without telling you or asking for your
specific consent. While Zynga is asking for far less information than other
application developers, there is no reason Zynga and all app developers cannot
be specific about what specific information they need, then allowing the
consumers to be informed before making up their own mind about participation.
It is also the choice of the application app user, not Zynga, to choose if and
what activity may be publicly disclosed at any given time. Zynga also needs to
be more forthcoming about what they are willing to tell investors about their
security shortcomings, and to tell the same information to app users as they
entrust Zynga with their private information."
Fred Taub continued: "Boycott Watch made several
attempts to contact Zynga before posting this article, but they declined to
comment. As such, Boycott Watch sees no reason anyone should trust Zynga with
the security of their private information; nor for that matter trust Zynga with
information about, and therefore the security of, children. At the same time
facebook needs to enforce its own privacy policies as related to application
developer access to private information. Facebook needs to protect the privacy
of its members. Period."
Boycott Watch will continue to post follow-up stories.
December 12, 2011
Database Helps Identity Theft and Terrorists
December 9, 2011
Violates Privacy by Demanding & Releasing Personal Information About You
& Others To Third Parties