Facebook Responds to Report Saying It Hid Data Partnerships From Users

(Image credit: Facebook)

Updated, 12/21/2018, 12:10pm PT: A Netflix spokesperson provided the following statement to Tom's Hardware: "Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so." (Emphasis theirs.)

Updated, 12/20/2018, 7:10am PT: Facebook published another blog post about Netflix, Spotify, Dropbox, and the Royal Bank of Canada's access to user messages. The company said these partners were only given read, write, and delete access to user messages because those permissions were required to enable messaging features in the other companies' services. (Such as sending a song via Spotify or a movie via Netflix.) Facebook said the "partnerships were agreed via extensive negotiations and documentation, detailing how the third party would use the API, and what data they could and couldn’t access." It also claimed the features were experimental and had been shut down "for nearly three years."

Original article, 12/19/2018, 7:54am PT:

Facebook has become part of the fabric of the internet. That's partly because people use the platform to create accounts with new services, share things with their friends and receive custom-tailored experiences based on their interests. But a New York Times investigation this week has revealed that it's also because Facebook partnered with more than 150 companies between 2010 and 2017 to offer them access to its data without first informing users.

The list of partners named in the report is a who's-who of tech companies. The New York Times said Amazon could find users' names and contact information via their friends; that Bing could "see the names of virtually all Facebook users' friends without consent"; that Netflix and Spotify could read users' private messages; and that Yahoo could "view streams of friends’ posts" even though Facebook publicly said it had ended that practice.

Facebook is also said to have shared information with media companies, online retailers and automakers, among other tech companies. The full extent of these data partnerships was never revealed to Facebook's users, leading The New York Times and several privacy experts to claim the practice violated the social media platform's 2011 agreement with the Federal Trade Commission (FTC) to only share data with explicit consent.

This is the latest in a string of privacy-related controversies involving Facebook in 2018. The most notable was the Cambridge Analytica scandal that inspired lawmakers around the world to finally scrutinize Facebook's handling of approximately 2.2 billion people's personal information. But the company also came under fire after another New York Times report on its data partnerships and for numerous bugs that exposed private data.

Facebook's Response

Facebook responded to the recent New York Times' report, with most of its defense essentially being that the reports merely described APIs that enabled features its users wanted. The rest mostly comes down to neglect--it simply failed to remove APIs related to shuttered programs--and claims that it was unfair for The New York Times to complain about things it ended a few months ago when they were first revealed to the public.

"To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC," Facebook said, adding "Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner."

There's likely some truth to Facebook's claims. Compelling features often require access to more information than people expect, and when that data-sharing is explained in layman's terms, things they were fine with suddenly become outrageous. But the company's been spewing hogwash about user privacy for so long that it's hard to even visit its social network without breathing in the faint smell of insecurity. 

The reality is that few people outside Facebook--including the company's own partners--know the extent to which it shares user data. Several companies told The New York Times they never knew they had special access to certain data, that they didn't realize they still had that access, or that they didn't plan to use their access but had it anyway. Either they're lying to escape criticism or Facebook and its "partners" are estranged.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.