Evan Schuman's StorefrontBacktalk

Facebook is now every retailer’s best friend, with Wal-Mart’s Sam’s Club being the latest chain to incorporate the social site giant into its mobile app. But how far can—and should—retailers push the social data?

Many of the privacy arguments in Washington surround what advertisers can do online, but few focus on the data that retailers collect from site/mobile visitors. Does that mean that retailers are in the clear or merely that politicians have yet to figure out that loophole?

In much the same way, Facebook’s privacy restrictions focus on allowing others to access a member’s information. But it says nothing about restricting what a user can do with his friends’ info. In other words, consider the info that a Facebook user legitimately has about people on his/her friends list. Can they then share that with anyone else, without getting their friends’ permission?

This gets into some interesting issues. A political Web video ad circulating late last month asked recipients to log into their Facebook accounts and to then watch the video. That video was then filled with customized references, incorporating the user’s name (spoken outloud by the actress’ voice), image, hometown, list of friends and other pieces of confidential data.

That political video, in theory, was limited to showing consumers their own private information. Although a bit unnerving, it wasn’t truly revealing anything private.

What if a retailer asked consumers to do the same thing, but the chain then automatically scanned the posts of those friends, looking for any hints as to what gifts they might like. When a friend posts that his motorcycle is in being repaired again, maybe a gift certificate to the local motorcycle store?

Maybe a work colleague confides that she’s thinking of having an affair with this guy at her gym. Perhaps a 2-hour consultation with a good divorce attorney would be appreciated?

The realm of gift recommendations is a tricky one, as Amazon has internally debated how far it should go. At the same time, the largest retailer has been granted patents for ways that really push the envelope, from the ability to recommend to strangers to this week’s techniques on automatically returning gifts from certain people.

When a Facebook user agrees to be on someone’s friend list, doesn’t that imply a trust of that person with their private data? Is it the responsibility of Facebook to police that trust? More to the point, should it be the responsibility of a retailer to nobly turn away such information if a customer is willing to share?

Let’s take it down a tech notch. If a consumer uses private information that friends have E-mailed him/her to select the best gifts for those friends, there’s no issue. What if that consumer brings printouts of those E-mails to Best Buy and shows them to an associate and asks for gift selection assistance?

If you’re OK with that, what if the gift-giver instead went to Target and used some gift-analysis kiosk to analyze those E-mails for gift hints? That hypothetical kiosk could interface with the user’s mobile device, which would have all of those E-mails stored. And then a retail app would be downloaded, automatically for automatic analysis of all E-mail on that mobile device.

Forget the kiosk. What if it was a mobile app all on its own? And what if that app could also access all Twitter, Facebook, LinkedIn confidential data that the consumer has access to?

As the old joke goes, “we’ve already established what you are. We’re now just haggling over price.”

How far chains will dare go in working with this data is an open question. That’s because chains will be blamed for privacy violations even if they are fully in the right. By enabling customers to breach the privacy of their friends, retailers will likely be blamed as much as if they did it directly.

That may not be right nor fair. But it will happen.