Unfortunately that doesn't stop my friends and family from uploading my name, various home, work and mobile numbers, email addresses and photos of me to Facebook when they install any of their apps or choose to let Facebook "Find your friends". Ideally that feature should be renamed "Fuck your friends privacy".
I still don't understand how that kind of feature is even remotely legal under the data protection laws in most if not all EU countries. I suspect that it isn't, but the under-staffed and under-budgeted privacy regulators don't want to pick that fight with an organisation as powerful as Facebook, even though it is exactly the kind of fight they should be picking.
I believe the real crux is that if any data protection law is voilated by passing on your details via a friend that the whole onus of responsibility is laid soley at your friend via some EULA and the like they never even bothered to read.
So in short it is your privacy laws and rights being violated, though by your friends on behalf of Facebook and the like. Morally wrong on Facebooks part as they know what they are getting but legally, they are covered more than your friends who have facebook who grassed you up to Facebook. Could call it viral peer micro marketing list scraping. I call it bad form.
I believe the real crux is that if any data protection law is voilated by passing on your details via a friend that the whole onus of responsibility is laid soley at your friend via some EULA and the like they never even bothered to read.
It doesn't work that way. The usual EU legal position, absent any special case, is that any entity acting as a data controller is subject to data protection rules.
Given explicit consent by the subject of the personal data, Facebook might have a way around this. I could believe they escaped with legalese in their terms and conditions for anyone who has a Facebook account themselves, for example, whether or not we might agree with legislation that allowed them to do so.
That would not cover data about anyone else who had not given such consent, however. I suspect they'd also have trouble arguing that position for any subject who had previously had a Facebook account but had ceased using it and effectively withdrawn their consent.
(Just to be clear, I'm not any sort of lawyer. I'm just a guy who runs businesses that sometimes deal with these issues in Europe, so I'm broadly familiar with the rules and I've taken advice from real lawyers about some aspects of them.)
Edit: It's possibly also worth noting that the EU doesn't have a general rule prohibiting all collection of personal data without consent, nor a general rule compelling a data controller to delete data on request. The situation is more nuanced than that, and has all kinds of legal wriggle room.[1] The question is whether Facebook's lawyers are somehow using that room in this sort of situation, or whether they're just hoping they'll get away with the behaviour even if they aren't sure it's legal.
Wait do in the EU you cannot disclose things like phone numbers without permission of the numbers owner? So if I told my brother the phone number of my mother without her permission I could be charged by thee state?
The rules about registering as a data controller and restricting the use of personal data usually apply to organisations rather than private individuals, so as far as I know, the kind of situation you describe isn't illegal anywhere in Europe. Similarly there are different rules for things like non-profit community groups and the like.
A company doing the same thing, however, might need either the consent of the data subject or a good reason to process or disclose that data without consent. The actual laws cover this in much more detail. But again, this is a tricky issue, because on the one hand there are supposed to be rules about when an organisation is allowed to process personal data in the first place, but on the other hand, the legally enforceable rights of individuals to prevent processing can be quite weak in practice.
In any event, if you were processing data outside the rules, it's highly unlikely you'd wind up with the state coming to arrest you for it. Normally if an individual did object it would be handled via the regulator and you'd have to be a very long way down the path before any sort of police action was involved. I suppose if you completely ignored the regulator's decisions and any resulting fines for long enough, eventually someone would probably see handcuffs.
I'm not sure whether FB would even be the right target for such an action. From my understanding of data protection laws here in Germany, the individual FB users would be the violators. I assume that the Safe Harbor treaty allows US companies to expect uploaded data to be legal.
I've seen my information all over the web which was data scraped from public government databases. A few years ago I went through the trouble of taking my information down (names, aliases, previous places I lived, employment) from these websites according their policy. For each I was request to send in snail mail to their postal address etc. I didn't need to create a login/profile to contact them. they did stop listing me, or at least I'm not as searchable online in as much depth.
not sure if Facebook has a policy for deleting information in the same regards as these spam sites. They might be legitimate and large enough to not care.
I told Facebook to delete my account as soon as they implemented this feature, years ago, and I found that (at least at the time) I could not block it on my Android phone. So, at least, I've not since then been party to giving Facebook information (they most likely have anyway) about other people, since the Facebook app is not installed on my phone.
