The privacy issues that have been hounding Facebook may be coming to a head. A report in the Wall Street Journal indicates that the Facebook, along with MySpace, Digg, and a handful of other social-networking sites, have been sharing users' personal data with advertisers without users' knowledge or consent.

The data shared includes names, user IDs, and other information sufficient to enable ad companies such as the Google-owned DoubleClick to identify distinct user profiles. Some of the sites in question, including MySpace and Facebook, stopped sharing the data after the Journal asked them about it. The surreptitious data sharing was first noticed (PDF) by researchers from Worcester Polytechnic Institute and AT&T Labs in August 2009, who brought it up with the sites in question. It wasn't until WSJ contacted them that changes were made.

Not surprisingly, Facebook appears to have gone farther than the other sites when it comes to sharing data. When Facebook's users clicked on ads appearing on a profile page, the site would at times provide data such as the username behind the click, as well as the user whose profile page from which the click came. "If you are looking at your profile page and you click on an ad, you are telling that advertiser who you are," Harvard Business School professor Ben Edelman told the Journal. Advertisers contacted by the paper said that they were unaware of the additional data and did not make use of it.

Facebook has tweaked its privacy policy throughout its history, with the most recent moves to open up more user information to the public drawing heavy criticism and FTC complaints. Users have also had a tough time navigating the site's often-Byzantine privacy controls, which has led to a trickle of user defections. With these latest revelations about Facebook ignoring industry standards, not to mention its own privacy policies, that trickle may turn into a torrent.

Update: want to know how the data sharing works? We explain.