Facebook issued a 747-page response to the additional questions that Congress had after this spring’s hearings on social media privacy. The company revealed that it had shared information about users' friends with dozens of companies even though it had promised to end the practice in 2015.
Facebook’s Flexible “Data Restriction”
Back in 2015, after Facebook discovered the Cambridge Analytica scandal, the company took steps to restrict third-party developers’ access to its users' friends data. However, these new rules didn’t apply to everyone.
Facebook continued to allow 61 software developers to access friends data after announcing that it had blocked everyone else from accessing the same data. These partnerships continued for at least six more months. Facebook said it simply wanted to give these developers time to embrace the new changes and minimize the disruption to their businesses.
Among those that received the extensions:
- the dating service Hinge
- Russian internet giant Mail.ru
- sportswear firm Nike
- car manufacturer Nissan
- casino-type game developer Playtika
- music streaming service Spotify
- courier company UPS
Facebook also allowed 52 other partners to “recreate Facebook-like experiences.” These companies had full access to the Facebook user data, including data on the users’ friends. Facebook said that it had ended the partnership with these companies, which included:
- Dell
- Huawei
- Kodak
- LG
- O2
- Orange
- Virgin Mobile
- Warner Bros
Another 14 companies still benefit from extensive user data access. Some of these include:
- Nokia
- Vodafone
- Yahoo
- Zing Mobile
Another Cambridge Analytica In The Making?
Critics have pointed out that these deals could have allowed companies such as Huawei, which is now among the Chinese companies that are no longer trusted by the U.S. federal government, to abuse data in the same way Cambridge Analytica did. Facebook has rejected this argument, stating that the situation was different then because these companies were its close partners and not random marketing firms.
The civil rights group EPIC also issued a statement saying that, in these responses to Congress, Facebook has essentially admitted to violating the 2011 settlement agreement with the FTC. In 2011, the FTC said Facebook “deceived consumers by failing to keep privacy promises.”
In March, the Acting Director of the FTC stated:
"Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook."
In the years since the settlement, the FTC has also allowed Facebook to be “audited” by third-party companies, instead of conducting the audit itself. This failure to properly enforce its agreement with Facebook is part of the reason why companies such as Cambridge Analytica were later able to abuse Facebook’s lax data access rules.
Facebook said that it has already suspended 200 applications, although all of those seem to come only from five developers and many of them were only “tests.” Facebook also temporarily suspended 14 apps linked to the Canadian data analytics company AggregateIQ (AIQ).
Facebook doesn’t seem to have any issues yet with how Palantir, a military-focused data-mining company owned by Facebook board member Peter Thiel, uses Facebook data.
