Thus far I haven’t seen anybody ask the related question of whether Scoble’s actions if left unchecked would have caused Facebook to violate EU privacy law … it’s a complicated issue indeed.

Where did we get this idea that facts about the world must be owned by somebody? Stop and consider that question for a minute, and you’ll see that ownership is a lousy way to think about this issue. In fact, much of the confusion we see stems from the unexamined assumption that the facts in question are owned.
….

Once we give up the idea that the fact of Robert Scoble’s friendship with (say) Lee Aase, or the fact that that friendship has been memorialized on Facebook, has to be somebody’s exclusive property, we can see things more clearly. Scoble and Aase both have an interest in the facts of their Facebook-friendship and their real friendship (if any). Facebook has an interest in how its computer systems are used, but Scoble and Aase also have an interest in being able to access Facebook’s systems….

How can all of these interests best be balanced in principle? What rights do Scoble, Aase, and Facebook have under existing law? What should public policy says about data access? All of these are difficult questions whose answers we should debate. Declaring these facts to be property doesn’t resolve the debate — all it does is rule out solutions that might turn out to be the best.

Fred von Lohmann of EFF agrees in a comment that there is no ownership of the data, and adds

But even if there were, it wouldn’t answer these questions. Consider sites like Flickr. Unlike the facts in Facebook, the photos on Flickr are plainly copyrighted works. But that doesn’t tell you anything about whether the copyright owner is entitled to access Flickr’s servers to make copies of the photos.

Your ownership in an intangible (copyright or patent) does not come with any right to access particular copies of it that reside elsewhere. Flickr can delete all of your photos, and if you failed to make back-ups, nothing in copyright law would provide you recourse.

When I entire my personally identifiable information (PII) into Facebook, I am entering into a social contract with two entities. I am trusting Facebook to protect my data so it is safe from malicious hackers and not sell it to malicious third parties like spammers or telemarketers, in return I provide Facebook with accurate data which improves their service and the user experience of the people in my social network. In addition, I am implicitly trusting the people in my social network not to abuse the privilege of having my personal information (e.g. by prank calling my cell phone, giving my personal details to third parties I don’t trust).

Well said.