It's not a privacy violation if you allow a user to export data that they have read-access to.
That applies more to email addresses than photos.
Of course, you can persuasively argue that users want their friends to have the right to save their contact information but not necessarily their photos (after all, contact information is worthless if you can't save it).
That applies more to email addresses than photos.
Of course, you can persuasively argue that users want their friends to have the right to save their contact information but not necessarily their photos (after all, contact information is worthless if you can't save it).