The Office of the Privacy Commissioner of Canada has issued a Report of Findings with respect to Facebook. The OPC investigated Facebook after a complaint by Canadian Internet Policy and Public Interest Clinic (CIPPIC)and concluded that four aspects of the complaint were well founded. In some cases Facebook has agreed to change things, but they have not agreed to recommendations about third-party applications which have access not only to your information, but that of friends who have not agreed.
When users add an application, they consent to giving the application’s developer access to some of their personal information, as well as that of their “friends.” Moreover, the only way that users can refuse to share personal information when their friends add applications is by opting completely out of all applications, or blocking specific applications.
Michael Geist has a nice summary of the finding at Privacy Commissioner Finds Facebook Violating Canadian Privacy Law, though he doesn’t mention explicitly what bothers me – the ability of an application to mine information about me if a “friend” agrees. There is, in the comments, a discussion of what can be done if Facebook doesn’t comply that is interesting.