Facebook: Retail’s Accessory To Purloined Privacy

Written by Evan Schuman
November 18th, 2010

Facebook is now every retailer’s best friend, with Wal-Mart’s Sam’s Club being the latest chain to incorporate the social site giant into its mobile app. But how far can—and should—retailers push the social data?

Many of the privacy arguments in Washington surround what advertisers can do online, but few focus on the data that retailers collect from site/mobile visitors. Does that mean that retailers are in the clear or merely that politicians have yet to figure out that loophole?

In much the same way, Facebook’s privacy restrictions focus on allowing others to access a member’s information. But it says nothing about restricting what a user can do with his friends’ info. In other words, consider the info that a Facebook user legitimately has about people on his/her friends list. Can they then share that with anyone else, without getting their friends’ permission?

This gets into some interesting issues. A political Web video ad circulating late last month asked recipients to log into their Facebook accounts and to then watch the video. That video was then filled with customized references, incorporating the user’s name (spoken outloud by the actress’ voice), image, hometown, list of friends and other pieces of confidential data.

That political video, in theory, was limited to showing consumers their own private information. Although a bit unnerving, it wasn’t truly revealing anything private.

What if a retailer asked consumers to do the same thing, but the chain then automatically scanned the posts of those friends, looking for any hints as to what gifts they might like. When a friend posts that his motorcycle is in being repaired again, maybe a gift certificate to the local motorcycle store?

Maybe a work colleague confides that she’s thinking of having an affair with this guy at her gym. Perhaps a 2-hour consultation with a good divorce attorney would be appreciated?

The realm of gift recommendations is a tricky one, as Amazon has internally debated how far it should go. At the same time, the largest retailer has been granted patents for ways that really push the envelope, from the ability to recommend to strangers to this week’s techniques on automatically returning gifts from certain people.

When a Facebook user agrees to be on someone’s friend list, doesn’t that imply a trust of that person with their private data? Is it the responsibility of Facebook to police that trust? More to the point, should it be the responsibility of a retailer to nobly turn away such information if a customer is willing to share?

Let’s take it down a tech notch. If a consumer uses private information that friends have E-mailed him/her to select the best gifts for those friends, there’s no issue. What if that consumer brings printouts of those E-mails to Best Buy and shows them to an associate and asks for gift selection assistance?

If you’re OK with that, what if the gift-giver instead went to Target and used some gift-analysis kiosk to analyze those E-mails for gift hints? That hypothetical kiosk could interface with the user’s mobile device, which would have all of those E-mails stored. And then a retail app would be downloaded, automatically for automatic analysis of all E-mail on that mobile device.

Forget the kiosk. What if it was a mobile app all on its own? And what if that app could also access all Twitter, Facebook, LinkedIn confidential data that the consumer has access to?

As the old joke goes, “we’ve already established what you are. We’re now just haggling over price.”

How far chains will dare go in working with this data is an open question. That’s because chains will be blamed for privacy violations even if they are fully in the right. By enabling customers to breach the privacy of their friends, retailers will likely be blamed as much as if they did it directly.

That may not be right nor fair. But it will happen.


One Comment | Read Facebook: Retail’s Accessory To Purloined Privacy

  1. Judith McDonald Says:

    Facebook And Retail: The Privacy Slippery Slope

    The Web video ad that asked recipients to log into their Facebook accounts and to watch a video populated with customized references, vocalising the user’s name, using their image, hometown, list of friends, really highlighted the difference in generational attitudes, to the cross pollination of social media and commercialisation.

    For many of the under 20’s it is ill (cool) for the over 40’s it is just plain scary.

    The low value given to privacy for the under 25’s is often beyond the comprehension of their parents.

    Conversely the greater the wealth of the over 30’s the greater the respect or their value of privacy.

    It is going to be an interesting decade.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.