> The only real difference between what was done here and then was how it was represented to the users.
That is an incredibly important distinction. There is a vast gulf between "these people asked for my data and I consented to its use" and "these people surreptitiously collected my data for purposes other than those which they disclosed."
(1) The issue is not getting the data of the people who used the app, it's the millions of their friends who were included. This is what's being implied should be thought of as a "breach" (with the media trying its darndest to make it look like Trump himself downloaded all the data into a big CSV file while laughing)
(2) Regardless of the reason for the permission being asked, the resulting dataset was collected in both instances. So I equate the outcome in my mind.
> Regardless of the reason for the permission being asked,
This seems...insane.
Informed consent makes all the difference in cases like this. How can you feel that it's irrelevant whether data was obtained under fraudulent premises, versus with explicit consent?
It would be like saying 'It doesn't matter that company A had a real product with real traction and raised $10Mm, while company B lied to investors about the amount of user activity and raised $10Mm. The resulting funds raised was the same in both instances. So I equate the outcome in my mind'.
Now, I don't mean to imply that you believe the quote above, but what you said sounds _exactly_ that outlandish to me.
> How can you feel that it's irrelevant whether data was obtained under fraudulent premises, versus with explicit consent?
Very simply: None of the millions of friends were asked for their consent in either case. There was no consent requested or premise given, the data was simply "obtained" in both cases, by the same means.
> but what you said sounds _exactly_ that outlandish to me.
Maybe because it has nothing to do with what I wrote? Allow me to make up a statement that does. "Hey, Bob, can I have access to your account so I can understand you better to advance the Obama campaign? Ok, good. Oh, and Tom's your friend, so I get his information also. ....... Hey, Bob, can I have access to your account so I can understand you better to create a personality profile? Ok, good. Oh, and Tom's your friend, so I get his information also."
Now, you are Tom. You were not contacted in any way whatsoever. You were not presented with a reason for accessing your account in any way whatsoever. Your data was simply pulled, and that is why I equate the two. I am indeed quite sane.
From the perspective of the friend (Tom), I better understand your point.
I was looking at the situation from Bob's perspective, where I think we can agree that there is a significant difference in the two formats of collection.
> (2) Regardless of the reason for the permission being asked, the resulting dataset was collected in both instances. So I equate the outcome in my mind.
this just seems like being reductive for convenience - stripping away context in the pursuit of finding some broad way to describe two things and propose some false equivalence.
> "these people surreptitiously collected my data for purposes other than those which they disclosed."
They didn't collect it surreptitiously. They collected it openly, for purposes other than those which they disclosed. Which is an unethical but not uncommon, unfortunately.
That is an incredibly important distinction. There is a vast gulf between "these people asked for my data and I consented to its use" and "these people surreptitiously collected my data for purposes other than those which they disclosed."