Facebook reportedly gave some of the world’s largest tech companies access to users’ personal data, including allowing some firms to read and delete users’ private messages and obtain contact information through their friends, without users’ knowledge or consent.
The New York Times on Tuesday detailed how Facebook, through data-sharing “business partnerships,” shared and traded user data with more than 150 companies, including Amazon, Microsoft, Netflix, Spotify, Yahoo and the Russian search engine Yandex.
These partnerships, the oldest of which dates to 2010 and all of which were active in 2017, “effectively exempt[ed] those business partners” from Facebook’s usual privacy rules, the Times reported, citing hundreds of pages of internal Facebook documents.
Microsoft’s Bing search engine, for example, was reportedly allowed to see the names of nearly all Facebook users’ friends without their consent; Spotify, Netflix and the Royal Bank of Canada were able to read, write and delete users’ private messages; and Amazon, Microsoft and Sony could obtain users’ contact information through their friends.
Yahoo and Yandex reportedly retained access to Facebook user data even after such access was supposed to have been halted. And Facebook gave Apple the power to see Facebook users’ contacts and calendar entries even in cases where users had disabled all data sharing.
In all, the data of “hundreds of millions of people” were sought monthly by applications made by these Facebook business partners, according to the Times. Some of these partnerships reportedly remain in effect today.
Responding to the Times’ report, Facebook, whose privacy policies have come under intense scrutiny in recent months, said it had neither violated users’ privacy agreements nor a deal with the Federal Trade Commission that made it illegal for the social network to share user data without explicit consent.
“None of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC,” Konstantinos Papamiltiadis, Facebook’s director of developer platforms and programs, said in a Tuesday blog post.
Facebook’s primary argument was that it did not need explicit consent from users because its business partners, which it refers to as “integration partners,” were “functionally extensions of Facebook itself,” Times reporter Nick Confessore explained.
Still, Facebook acknowledged that it’s “got work to do to regain people’s trust.”
“Protecting people’s information requires stronger teams, better technology, and clearer policies, and that’s where we’ve been focused for most of 2018,” Steve Satterfield, Facebook’s director of privacy and public policy, said in a statement, noting that partnerships “are one area of focus.”
Papamiltiadis said most of the features described in the Times’ article are “now gone.”
At least two U.S. senators have called for more federal oversight in the wake of the Times report.
Sen. Amy Klobuchar (D-Minn.) lambasted Facebook’s reported data sharing as “unacceptable” and called for Congress to pass the data privacy bill that she and Republican Sen. John Kennedy of Louisana introduced in April.
Sen. Brian Schatz (D-Hawaii) said he was angered by the report.
“It has never been more clear. We need a federal privacy law. They are never going to volunteer to do the right thing. The FTC needs to be empowered to oversee big tech,” he tweeted.
An early investor of Facebook told the Times that “no one should trust Facebook until they change their business model.”
“I don’t believe it is legitimate to enter into data-sharing partnerships where there is not prior informed consent from the user,” Roger McNamee said.
Facebook did not immediately respond to HuffPost’s request for comment.