Facebook defended its data sharing practices after a report revealing that certain partners of the social network had access to a range of personal information about users and their friends. The New York Times late Tuesday reported that some 150 companies – including powerful partners like Amazon, Microsoft, Netflix, and Spotify – could access detailed information about Facebook users, including data about their friends.
The report marked yet another potential embarrassment for Facebook, which has been roiled by a series of scandals on data protection and privacy and has been scrutinized over the hijacking of user data in the 2016 US election campaign.
Konstantinos Papamiltiadis, Facebook’s head of developer platforms and programs, said in a blog post early Wednesday that the Times report was about “integration partners” which enabled “social experiences – like seeing recommendations from their Facebook friends – on other popular apps and websites.” Papamiltiadis added that “none of these partnerships or features gave companies access to information without people’s permission,” and maintained that the deals did not violate a 2012 privacy settlement with the US Federal Trade Commission.
Just hours after the first blog post by Papamiltiadis, the company posted another blog post sharing more details about its partnerships with the companies. The Vice President of Product Partnerships at Facebook, Ime Archibong, went ahead to clarify that the company did not disclose private messages of users to its partners without their consent. He added that the company worked with four partners so that it could integrate the messaging features in their products. However, the experience only worked if the users opted to use Facebook login.
Archibong maintained that such features are common in the technology industry stating that it is similar to when users allow Amazon Alexa to read aloud the emails of a user from the Mail app on Apple devices. According to the details, users could send messages to their friends about what they are listening on Spotify, or watching on Netflix, share folders on Dropbox or receipts about money with the help of the mobile app from Royal Bank of Canada.
These partners were given “Write access” because without that users could not send messages to their friends. “Read access” was necessary for these apps so that the user could read the messages back and “Delete access” was given so that if users deleted a message from Spotify then it would be removed from Facebook also.
Ime maintained that no app or partner could access, read, write, or delete messages from your Facebook chat without your permission. To ensure that everything worked well, the company had proper negotiations along with other details including documentation.
According to documents seen by the Times, Facebook allowed Microsoft’s Bing search engine to see names of Facebook users’ friends without consent and gave Netflix and Spotify the ability to read private messages.” The report said Amazon was able to obtain usernames and contact information through their friends, and Yahoo could view streams of friends’ posts.
While some of the deals date back as far as 2010, the Times said they remained active as late as 2017 and some were still in effect this year. Papamiltiadis however said that “we’ve been public about these features and partnerships over the years because we wanted people to actually use them.” “They were discussed, reviewed, and scrutinized by a wide variety of journalists and privacy advocates,” he said.
But he said most of the features are now gone. “Still, we recognize that we’ve needed tighter management over how partners and developers can access information,” he added. Netflix said in a statement the feature was used to make the streaming service “more social” by allowing users to make recommendations to friends, but that it stopped using it in 2015.
The company even stated that the feature was “never that popular so we shut the feature down in 2015.” It also clarified the claims of accessing private messages of Facebook users by adding, “At no time did we access people’s private messages on Facebook, or ask for the ability to do so.”
Spotify offered a similar response, indicating the music service “cannot read users’ private Facebook inbox messages across any of our current integrations.” The Canadian bank RBC, also cited in the New York Times, said the deal with Facebook “was limited to the development of a service that enabled clients to facilitate payment transactions to their Facebook friends,” and that it was discontinued in 2015.
Facebook has already been called before lawmakers in the US and elsewhere to defend its data policies since news broke this year on the misuse of personal data in 2016 by Cambridge Analytica, a British consultancy working on Donald Trump’s campaign.
A report prepared for US lawmakers revealed this week showed detailed information on how Russian entities manipulated Facebook and other social networks to support the Trump effort. Senator Brian Schatz said the latest revelations highlight a need for tougher controls on how tech companies handle user data. “It has never been more clear,” Schatz tweeted. “We need a federal privacy law. They are never going to volunteer to do the right thing.”
With inputs from PTI.