Facebook says companies got access to data only after user permission

Adjust Comment Print

Microsoft's Bing could also view almost all users' friends, Amazon could glean contact information from them, and Yahoo had access to their posting streams.

Facebook said the users needed to sign in with their Facebook account to use these features offered by the likes of Apple and Amazon. The ad was in response to the Cambridge Analytica scandal, where almost 100 million users had their data mined by the political consulting firm for use in the 2016 presidential election. But to do that, Facebook had to give Spotify the user's list of Facebook friends.

What's new: Companies like Amazon, Apple, Microsoft, Netflix, Spotify, and Yandex had special arrangements to retain access to users' data (and data on their friends), despite platform changes in 2014 that restricted the practice.

"Delete access" meant that if you deleted a message from within Spotify, it would also delete from Facebook. The documents come from Facebook's internal system for tracking its partnerships, and they give an insight into how the social network shares user data with other companies.

Overall, there were some 150 third party companies that reached deals with Facebook, including automakers, entertainment sites and media organizations.

The social network said it shut down almost all of these partnerships over the past several months, except those with Apple and Amazon, which people continue to find useful and which are covered by active contracts.

That included Yahoo!, which reportedly still had the ability to view real-time feeds of friends' posts for a feature the company had ended in 2011.

"Over the years, we've partnered with other companies so people can use Facebook on devices and platforms that we don't support ourselves", Steve Satterfield, Facebook's director of privacy and public policy, said in a statement. And in the case of Spotify, the feature allowed users to send songs via private messages, and thus required access to Messenger. Despite this feature being removed since the Cambridge Analytics scandal broke, the New York Times reports these partnership integration deals were still all active in 2017.

In a statement on Wednesday Damian Collins, chair of the DCMS committee, said Facebook should appear before MPs again to clarify whether its policies are a breach of data privacy law.

In March, Facebook took out full page apology ads in several prominent newspapers.

Netflix responded to the allegations in a tweet, saying, "Netflix never asked for, or accessed, anyone's private messages". Maybe those special deals were fine to make, met the smell test of consent from Facebook users, and complied with Facebook's 2011 agreement with the USA government to never again share user information without people's explicit permission. Facebook has said there is no evidence that data was used or misused, but such assurances aren't worth much in the current climate. "Facebook rewards these firms with data privileges that other organisations do not enjoy".

For Facebook, this is the latest in a steady drip of privacy scandals. The partners were prohibited from using the personal information for other purposes, he said. One said the partnerships seemed to give third parties permission to harvest data without users being informed of it or giving consent.