Is there any reason to think the companies given access didn't slurp up the Facebook data for themselves? Have any of them denied it or tried to qualify what they did with their access to the Facebook API?
Back in the day, I was part of a team that built an app that used Facebook Connect/what they were then calling the "Graph API" for login, and our app certainly saved all the data that Facebook made available back into our own database.
> You may use Account Information in accordance with your privacy policy and other Facebook policies. All other data may not be transferred outside your app, except to your service provider (per, Section 3.7) who needs that information to provide services to your app. With the exception of Account Information, you may only maintain user data obtained from us for as long as necessary for your business purpose.
I imagine some smart lawyers worked pretty hard on that. I imagine that most companies have their own smart lawyers who write "[their] privacy policy" to say "we can do whatever we want with your data...to provide you better service." I assume that your app's backend is the "service provider" in question.
IANAL, but I read that as saying it's kosher with FB for your app to push data up to the mothership.
The phrase "for as long as necessary for your business purpose" sure sounds like "indefinitely" to me. Maybe my business is still hoping to make some money from that data?
Back in the day, I was part of a team that built an app that used Facebook Connect/what they were then calling the "Graph API" for login, and our app certainly saved all the data that Facebook made available back into our own database.