Organizations need to review Facebook’s Platform Policies before attempting to integrate Facebook data with customer master data. While this blog does not intend to provide legal advice, I have mapped the relevant Facebook Platform Policies as of August 8, 2012 with their implications for master data management.
|Topic||Relevant Facebook Platform Policies as of August 8, 2012||Implications for Master Data Management|
|1||A user’s friends’ data can only be used in the context of the user’s experience on your application.||Organizations cannot use data on a person’s friends outside of the context of the Facebook application (e.g., using Facebook friends to add new relationships within MDM).|
|2||Subject to certain restrictions, including on transfer, users give you their basic account information when they connect with your application. For all other data obtained through use of the Facebook API, you must obtain explicit consent from the user who provided the data to us before using it for any purpose other than displaying it back to the user on your application.||Organizations need to obtain explicit consent from the user before using any information other than basic account information (name, email, gender, birthday, current city, and the URL of the profile picture).|
|3||You will not use Facebook user IDs for any purpose outside your application (e.g., your infrastructure, code, or services necessary to build and run your application). Facebook user IDs may be used with external services that you use to build and run your application, such as a web infrastructure service or a distributed computing platform, but only if those services are necessary to running your application and the service has a contractual obligation with you to keep Facebook user IDs confidential.||Organizations can use Facebook user IDs within MDM to power a Facebook app. However, organizations cannot use these Facebook IDs outside of the context of a Facebook app.|
|4||If you stop using Platform or we disable your application, you must delete all data you have received through use of the Facebook API unless: (a) it is basic account information; or (b) you have received explicit consent from the user to retain their data.||Organizations need to be very careful about merging Facebook data with other data within their MDM environment. Consider a situation where an organization merged “married to” information from a user’s Facebook profile into their MDM system. If the organization stops using the Facebook Platform, it will need to obtain explicit permission from the user to retain this information. This can be problematic when the organization has merged Facebook data into a golden copy that has been propagated across the enterprise.|
|5||You cannot use a user’s friend list outside of your application, even if a user consents to such use, but you can use connections between users who have both connected to your application.||Similar issues to topic 1 above.|
|6||You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide an easily accessible mechanism for users to make such a request. We may require you to delete data you receive from the Facebook API if you violate our terms.||Similar issues to topic 4 above.|