TechCrunch has a great piece on how Facebook tracks you even if you don't give them data. (link; be careful, opening this link drags my browser to a crawl.) Here's my take on the issue:
I have always been disturbed by the complicity of invading other people's privacy, forced upon us when we use a service like Facebook (or Google or you name it). For those of you who allow these websites to import your address book, have you thought about whether those friends and acquaintances of yours want to have their private information given over to a private company of your choosing? Have you considered whether you need permission from those friends and acquaintances to pass along their contact details, their birthdays, etc.?
Perhaps you are not aware of how the data in your address books are being used. Try setting up a Facebook account and *not* importing your address book. If the email address you use for registering is an existing email, upon signing in, you will find a gigantic list of people that Facebook thinks you know and suggest you "friend". How does Facebook figure this out? You can bet that almost everyone of those people has shared their emails or address books with Facebook, and since you are on their address book, it is logical to conclude that you may be friends with them.
If you have Gmail, the situation may be worse. Gmail has this function that saves every email address on your incoming emails. So all kinds of people appear on your address book, including spammers who happen to penetrate their spam filters. When Gmail first started out, they told us they would mine the emails for data to help target the ads. I haven't checked their terms and conditions lately; it wouldn't surprise me that they now use that data to "improve their service". For example, the problem of wrongly assuming every contact in your address book is a friend is solved by counting the number of emails you received from each of those contacts.
From a user's perspective, we should think twice before sharing other people's data.
What about the data analyst? I think all data analysts should be required to take a course on privacy law. There should be a document outlining what kinds of data and what types of analyses are compliant. Data exist in many different locations, collected for many different purposes. Today, most analysts would mine anything they can get their hands on. They would merge data from different sources. There is no thought given to whether the data is approved for use in the way the analyst is intending, or whether it is legitimate to merge certain types of data. (Not every business does this type of data harvesting. I happen to work for one that does not copy your address book.)
If we don't police ourselves, we will be policed, and the rules would be stricter.