Understanding User Data and Privacy

From Facebook Developer Wiki

Benefits

One of the most useful and powerful features of Facebook Connect is the ability to access a user's profile information as soon as they connect with your site. This can enable you to provide a much richer and personalized experience for the user without forcing them through multiple set-up screens.

Facebook users create rich profiles with Facebook in order to share information with their friends. We offer rich privacy settings that allow people to feel secure sharing highly personal information including interests, thoughts, and contact information. Given this rich set of controls, a significant number of Facebook users have filled out information on their profile. For example:

  • 97% of users have full name
  • 85% of users have uploaded a picture
  • 58% of users have specified education history

Once a user connects to your site or application, you are able to access and use information that the user has shared on their profile to provide a richer experience. In addition, you can access information about the user's friends and others on behalf of the user of your app - basically any information that is available to that user on Facebook can be used through the lens of your site or application.

You should use this information to immediately create a personalized and social experience. For example:

  • Localize your product or content to the user’s geography.
  • Feature content shared or created by the user’s friends.
  • Identify other users in the same geography or industry and feature content or trends of those users.
  • Create tailored or different experiences based on gender (some women’s sites use Facebook Connect for login and do not allow men into certain areas ☺).
  • Suggest a user’s friends to invite to your product and service based on the friends’ interests.
  • Feature key information from a user’s stream that is related to your website or application (such as featuring mentions of popular movies on a movies site).

Note: As Facebook Platform evolves, we will add more features for your site or application to request access to specific information from the user’s profile and about their friends. This will be a smooth experience that we expect will give users more clarity and control over the experience and make them more comfortable sharing more and more with your site or application.

Summary of Data Guidelines

This is a summary of the rules and guidelines for using Facebook User Data. For detailed terms and policies, please see the Appendix and referenced documents.

When a user is interacting with your website or application, there are generally two types of data about the user that you will have access to:

  1. Data accessed via Facebook APIs – data that you directly pull from Facebook APIs on behalf of the user. This information may be about the user or data that they can access about their friends.
  2. Independent data – data that a user has directly input into your application.

Please note that data which is pre-filled into a user interface on your site for a user to confirm is considered “data accessed via Facebook APIs” and is not considered independent data.

Data Accessed via Facebook APIs

Once a user has authenticated with your application or website, you can use any of the Facebook APIs listed below to access data about the user that they have made available to applications. In addition, to provide a more social experience, you may access data for a user’s friends to bring those friends into the experience. You may also request permission from the user to access information from the user’s stream to view information shared by the user’s friends.

When accessing and using the user's data, it's important to keep a few high-level things in mind:

  1. Users have provided this data to Facebook in order to share it with their friends.
  2. Users have discrete control over who can see this data via privacy settings - and your site needs to honor those completely.
  3. Users may choose to make some of this data public, which you can then display publicly as well (often the case for name and picture).
  4. Users can change this data at any time and often do. The most frequently changed fields are status or user posts to the stream, profile picture, interests, friends, and privacy settings. Because of this, you should make sure you always have up-to-date information, and you may not cache the data in your system for more than 24 hours.
  5. Contact information (email address, phone number) is not directly available via the APIs. However, we do provide other APIs and permissions for you to contact users by email or SMS, or for users to contact their friends via the Stream, requests, notifications, and more. See below.

A few things to note:

  1. There is a limited set of fields you may store permanently. This includes the user’s unique user ID, a proxy email address to reach the user, and several other specific ids around photos, events, and networks. Please see the full list of storable IDs and fields and more policies (below).
  2. You can permanently store and use the Facebook user ID to associate it with any other independent data gathered in your application and keep a fully unique record for this user. You can also use this ID to uniquely recognize the user whenever they return to your site.
  3. Beyond the set of allowed storable fields, you may not store any data permanently. All non-storable data is subject to Facebook’s caching policy where data must be refreshed after 24 hours except in certain offline mobile or desktop cases. Please see the full policies below.
  4. You may not transfer this data to any 3rd parties whatsoever.
  5. You may not display any of this data outside the user’s specified privacy settings, which control exactly which other users can see a piece of information. This setting ranges from everyone, to all friends, or even just a selected group of friends. The APIs have ways to help you determine this – see the implementation details below. If you do not want to display information conditionally, you should only use information available to everyone.

Per point 5, in the future, Facebook may permit getting explicit consent from a user to display information within your experience not subject to their Facebook privacy settings. The policies currently state that this may be done with the user’s consent and an official Facebook user interface or approval from Facebook on your user interface. No guidelines or approvals are available at this time.

Advertising Considerations

Beyond just providing a better user experience to target content and experiences to users, some of the information made available via Facebook APIs may help you better target advertisements to users. You may use this information locally within your systems to help better target advertisements, but you may not transfer this information to any 3rd party ad networks whatsoever.

Independent Data

Through the natural course of using your application or website, users will provide information directly to you. This may be done by the user directly inputting information into a blank form on your site and submitting it, or by taking actions such as rating or ranking items, or setting preferences. You may also collect implicit data such as which pages a user is visiting or which videos they are watching.

Because you have collected this data independently, you may use this data however you see fit. For example, you may transfer independent data, along with the associated Facebook User ID, to any of your trusted partners. However, you may not include any information accessed from the Facebook API in this transfer.

All independent data must be covered by your own terms and privacy policy. We trust and expect that you will be clear to users about what you will do with information they provide you, and protect their data securely.

As stated above, data that is “pre-filled” into a form would not be considered independent data because the user has not directly entered it into your website. For the purposes of clarity, if you use a feature such as the “invite” feature and a user selects 5 friends to invite, the fact that the user has invited 5 friend IDs would be considered independent data. But the information about those 5 friend IDs would be considered data accessed from the API.
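The storage rules from "Data Accessed via Facebook APIs" and the transfer rule from "Independent Data" can be enforced in one per-user record, sketched here as an added example that is not code from Facebook or this wiki. The class, its method names and the field names `uid` and `proxied_email` are assumptions standing in for the storable fields the page names; the sample values are constructed.

```python
import time

DAY = 24 * 60 * 60  # the 24-hour cache limit stated in the guidelines

# Assumed field names for the storable items the page names
# (unique user ID, proxy email address).
STORABLE = {"uid", "proxied_email"}


class UserRecord:
    def __init__(self, uid):
        self.permanent = {"uid": uid}  # storable fields, kept indefinitely
        self.api_cache = {}            # field -> (value, fetched_at)
        self.independent = {}          # data the user entered or generated directly

    def put_api(self, field, value, now=None):
        now = time.time() if now is None else now
        if field in STORABLE:
            self.permanent[field] = value
        else:
            self.api_cache[field] = (value, now)

    def put_input(self, field, value, prefilled=False, now=None):
        # A value pre-filled from the API and merely confirmed by the user
        # is still "data accessed via Facebook APIs", not independent data.
        if prefilled:
            self.put_api(field, value, now)
        else:
            self.independent[field] = value

    def get_api(self, field, now=None):
        now = time.time() if now is None else now
        if field in self.permanent:
            return self.permanent[field]
        entry = self.api_cache.get(field)
        if entry is None:
            return None
        value, fetched_at = entry
        if now - fetched_at > DAY:
            del self.api_cache[field]  # stale: caller must re-fetch from the API
            return None
        return value

    def partner_export(self):
        # Only independent data plus the user ID may leave your systems;
        # nothing from permanent (beyond uid) or api_cache is included.
        return {**self.independent, "uid": self.permanent["uid"]}
```
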

How To: Access User Data

Read more about how you can access user data.

Appendix: Official Terms and Policies

reference