The New York Times’ explosive report detailing how Facebook allowed other tech companies like Netflix and Spotify to read Facebook users’ personal, private messages prompted a rallying cry from politicians and privacy experts for stricter regulation of Silicon Valley, denouncing Facebook’s practices as extreme violations of privacy.

CNN even ran a story suggesting Facebook may have violated their 2011 consent agreement with the Federal Trade Commission (FTC) that required Facebook implement a privacy program and receive express permission from users before sharing their data.

According to a press release, Public Knowledge Policy Counsel Charlotte Slaiman said, “If these allegations are true, Facebook violated users’ trust and likely the FTC’s consent decree. Together with the recent revelations from the UK Parliament, yesterday’s NYTimes story paints a picture that’s becoming clearer and clearer: Facebook apparently recognized the very high value of this private user data, traded it freely to curry favor with other powerful tech giants, and may have even withheld data strategically from potential competitors.”

But is there a legitimate case against Facebook? Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), thinks there may not be — and if there is, it will be very difficult to prove.

Companies — and tech companies in particular — have been sharing user data with each other for years, and usually nab user permission via “Terms & Conditions” clauses or direct warnings that certain services result in sharing personal data with third-party apps and tech firms.

“What I think is interesting here is that the idea of a company sharing data with business partners isn’t new,” Castro told InsideSources. “It is not news that many companies have integrated their apps and websites with Facebook. Indeed, the fact that in these cases Facebook paid attention to which companies they were enabling privileged access is exactly what users should want.”

In other words, by sharing some data with Netflix and Spotify, Facebook was helping to enhance the consumer experience for Facebook users who also had Netflix and Spotify accounts.

“It’s striking that many of these partnerships seemed to just be about enabling some basic social sharing features, nothing that is really that out of the ordinary,” Castro said.

As a result, it may be very difficult for the FTC to conclude Facebook harmed consumers with this particular practice.

“You have to ask, what is the standard we’re hiding them to? Because there’s no clear standard,” Castro said. “It’s unfortunate that these types of decisions aren’t based on clear rules or case law, but the FTC’s interpretation of the consent decree it got the company to sign. This means that there have been a lot of open rulemaking about what restrictions should look like and how to during the right balance between limiting what companies do with user data and ensuring they can continue to innovate.”

Facebook’s conduct in this scenario has the potential to be a standard-setting case — so the FTC will want to tread very carefully.

“It’s going to be very hard I think for the FTC to come in after the fact and say these were all in violation, otherwise it’s going to be very arbitrary because you’re saying you just don’t like what a company is doing,” Castro said. “If I were the FTC, I would be looking for deceptive behavior.”

Many of Facebook’s business practices are unsavory, Castro said,  but warned against rushing to judge everything the company does with automatic prejudice against the company.

“This wasn’t Facebook secretly selling data to make a profit,” Castro said. “This is a business doing the kinds of things it was engineered to do. I think you have to be careful to say, Facebook did something and [therefore] it’s necessarily bad.”

Other experts told InsideSources that Facebook’s conduct shows a lack of respect for users’ personal privacy, and highlights the need for a strong privacy law.

“This latest revelation underscores the need to strengthen data privacy laws in California and elsewhere to ensure users can hold companies accountable, and to resist efforts in Congress to preempt state data privacy protections,” the Electronic Frontier Foundation told InsideSources in a statement.

Follow Kate on Twitter