Right, how is sharing a user's friend list, especially when that user has provided explicit permission, worthy of a fine?
Under that premise, Google should immediately be sent a cease & desist as they allow users to share access to all e-mails and e-mail history with 3rd parties without any fine-grained access control.
Because of this, many users are providing full e-mail scan access to questionable 3rd-party apps like calendars/trip planners/marketing tools. This is a significant security issue not just from a privacy standpoint, but also given that almost all sites allow password resets via email. It's just a matter of time until one of those gets hacked or starts siphoning off & saving user e-mail en masse.
This Facebook issue also pales in comparison to browser plugins that request access to view & modify any website. Another place where lack of fine-grained access controls has forced both plugin designers & users into a terrible security model.