Facebook gave dozens of companies access to user data such as friends lists and private messages
Details have come to light about the deals Facebook struck with the likes of Microsoft, Spotify, Netflix, Apple and Amazon. A report by the New York Times revealed that the social network had given numerous companies access to a plethora of private user data, ranging from the names of friends, to private messages.
Facebook has responded by saying that no access was granted to third parties without user permission, but questions remain about whether users were fully aware of the level of access companies had to their data, or whether they knew they were agreeing to sharing private data.
- Facebook Messenger update adds Boomerang looping videos, new Selfie mode and AR stickers
- Facebook API bug may have exposed 6.8 million users' private photos
- Facebook Watch is a disaster... so now it will target an older audience
- Facebook defends the privacy of Portal as the smart devices start shipping
The New York Times has obtained hundreds of pages of documents dating back to 2017. The documents come from Facebook's internal system for tracking its partnerships, and they give an insight into how the social network shares user data with other companies.
The report in the NYT makes several revelations including:
Facebook allowed Microsoft's Bing search engine to see the names of virtually all Facebook users' friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users' private messages.
The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
It is the "without consent" part which is perhaps most worrying.
But Facebook has, unsurprisingly, jumped on the defensive, insisting that everything is above board and that users had in fact given consent to data sharing. Importantly, Facebook does not deny the sharing of data, but it has a very different take on the matter:
Today, we're facing questions about whether Facebook gave large tech companies access to people's information and, if so, why we did this.
To put it simply, this work was about helping people do two things. First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners. Second, people could have more social experiences -- like seeing recommendations from their Facebook friends -- on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify.
To be clear: none of these partnerships or features gave companies access to information without people's permission, nor did they violate our 2012 settlement with the FTC.
But just how consent or permission was given will undoubtedly lead to further criticism. Facebook says:
Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner.
Writing specifically about whether "partners" gained access to users' private messages, Facebook says:
Yes. But people had to explicitly sign in to Facebook first to use a partner's messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify's desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person's messages in order to power this type of feature.