Google confirms Adsense ads, security problems in Facebook applications

google-logo.pngSince last month, we’ve been following Google’s efforts to tailor its Adsense ads to run in third-party applications on Facebook.

Google has finally confirmed its Facebook efforts with us, and also confirms there have been data security issues with these ads.

Yesterday, we wrote about a claim that a Facebook application was breaching Facebook user privacy and Facebook’s terms of service. According to that claim, the application was sending sensitive user profile data to Google, including one’s interests and friends, and that Google was using the data to target adsense ads on that application.

While the report made it sound like Google was collecting large amounts of Facebook user data, we heard from the accused company, Chainn, that the fears were overblown — Adsense applications were only sending over a couple of keywords to Google, and Google wasn’t storing any personally identifiable information.

A Google spokesperson has gotten back to us, telling us what happened in more detail, although it referred to several partners, and didn’t specify Chainn.

“We recently allowed some application partners to send us additional keywords to improve ad performance. A limited number of the keywords sent to Google did not comply with the developer’s agreement with Facebook. When we realized this conflict, we asked the partners to discontinue sending those keywords. We are no longer using those keywords. No personally identifiable information was exchanged between Google and the application developers.”

Why does all this matter? As Google works with social networks and third-party developers on the its own OpenSocial developer platform, it is getting new opportunities to run ads in developers’ applications on these social networks. Its ads in Facebook appear to be the first step in that direction. Another question raised is how much control Facebook should maintain over its user data. It if it takes a blogger to whistleblow, and then Google to find the transgression, how many other breaches are going undetected?