Mind how you go when you're dealing with real user data from Facebook. Toby Beresford, commercial director of Nudge Social Media, explains how to keep on the right side of the law
Now that one-twelfth of the planet is on Facebook, you might be thinking there’s possibly something to it. And perhaps you’ve thought there might be an audience out there for your own great social game idea.
The potential rewards are huge. Kristian Segerstrale recently sold Playfish to Electronic Arts for over $200m. Not a bad price for his 11million Daily Active Users (DAU). Yet he’s still dwarfed by Mark Pincus’ Zynga with its 70million DAU playing FarmVille, Texas Holdem Poker and FrontierVille.
Facebook is a massive platform for games and apps, and according to founder Mark Zuckerberg, we’ve really only just scratched the surface of what’s possible. But in social web design it’s all about the user and their friends’ data, which means that inevitably the subject of privacy raises its head. So how do the privacy settings work, and what impact do they have on developers?
Privacy management
Despite all the controversy, Facebook actually has a very good privacy management system. No other social network gives you such control over the privacy of content. This flexibility is necessary because we all have different privacy requirements for different types of information. For instance, I’m happy for my blog posts to be open to the world, while only my friends see my status updates.
For developers, navigating data privacy could be a minefield, but Facebook does most of that for us. When you call the Facebook API, for example, for a list of photo albums from friends, it only returns the albums that your current user has access to. As a developer, it’s the same thing: you can’t get any more data than an individual user can get themselves via the standard web interface.
Your applications can get access to data and to do actions on behalf of a user using ‘extended permissions’. These are the list of permissions that every app asks the user for when they first allow the app to access their data. Once it’s been granted a permission, the application can then continue to act in this way until the user revokes it.
There are several to choose from. The principle should be to only ask for those permissions you really need in order to provide the user the features they’re expecting. You can ask for further permissions later with a separate dialog box. When a user wants to receive a weekly digest email of their scores and games in play, that’s the time to ask for permission to email them.
Get top Black Friday deals sent straight to your inbox: Sign up now!
We curate the best offers on creative kit and give our expert recommendations to save you time this Black Friday. Upgrade your setup for less with Creative Bloq.
read_stream: so your app can view any stories posted by their friends to their stream, such as recent status updates or new photos.
offline_access: so your app can do stuff for your users on their behalf.
friends_birthday: if you want to make a birthday reminder app, it’s essential to find out when friends’ birthdays are!
The Developers section of the Facebook website contains all you need to get started, from libraries, documentation and web testing tools to a vibrant community forum
Your responsibilities
When releasing an application, developers must comply with the legal framework Facebook has put in place. There are three documents explaining what developers must adhere to, found at developers.facebook.com/policy:
The Statement of Rights and Responsibilities
This applies to every user and includes requirements such as only creating one user account and not falsifying any information.
The Principles (the ‘spirit of the law’)
These are summarised as:
Be trustworthy, respect privacy
Don’t mislead or surprise users
Don’t spam – encourage authentic communications
Create a great user experience
Build social and engaging applications
Give users choice and control
Help users share expressive and relevant content
Users control their privacy over what they share with friends; as a developer you can only access the same information that your user can
The Policies
These include some useful examples of what you can’t do (the ‘letter of the law’). Areas covered here include:
Stream Stories: what you can post to a user and their friends’ wall is restricted
Content: you must provide ‘report this’ buttons for UGC and avoid fraudulent or prohibited material
Application Integration Points: you’re largely prevented from encouraging users to spam their friends
Like Button and Like Box Plugin: Facebook details where the popular ‘Like’ button can and can’t be used
Advertisements: Facebook explains what sort of content you can display in advertisements, especially those you serve in your own app
Accepted boundaries
Facebook’s principles and policies are detailed. The service has active automated enforcement mechanisms that track infringements, so watch out! A typical Facebook takedown notice is sent directly to the developer via email and you’re given 24 hours (at best) to rectify the problem. Unless you’re a big developer with your own Facebook account manager, the only choice you have is to comply and hope it doesn’t destroy your application. Facebook takes a very dim view of developers who try to game their ecosystem and can in some cases shut down an entire developer.
Mark Zuckerberg encourages developers to create great apps on his platform. Here, Steve Folkes and he share a discussion on an app under development at June's Facebook Hackathon event in London
For users, the key is to maintain the ‘be trustworthy’ principle. Avoid misleading users, surprising them with unexpected results or encouraging them to spam their friends. Mostly this is common sense, but many developers test the boundaries of the Facebook system with less than popular practices. Gone, thankfully, are the days in which we had to invite 10 friends before we got the answer to the ‘What Harry Potter character am I?’ quiz.
Industry bodies
For the Facebook developer industry, there are few recognised bodies that can create standards beyond those of Facebook itself. At Facebook Developer Garages there is a useful gathering of industry participants.
Facebook’s own Preferred Developer Consultant programme helps highlight the trustworthy developers, while The Direct Marketing Association is working on an industry code of conduct for social media agencies as a whole.
Within European jurisdiction we’re bound by strong data protection legislation. Follow it! This includes declaring all user data you’re storing to the data registrar. Your users are reassured that you’re taking their privacy seriously. When launching a new app, include a good privacy policy about what data you’re storing on a user and how users can access data you store on them.
Get help
Anyone wanting to develop an app for Facebook should go to a Facebook Developer Garage near them – they’re held frequently. I founded the London garage back in 2007 and it’s been regularly attended by around 100 people every month ever since. You’ll find everyone from hardened Facebook developers to entrepreneurial enthusiasts with a great social game idea. But if you prefer to go it alone, then the Facebook developers’ resources online are a rich seam of both documentation and tools to try out API calls directly from your web browser.
Thank you for reading 5 articles this month* Join now for unlimited access
