Facebook Inc. gave corporate partners unusually broad access to user information, in some cases even enabling companies to view and edit private messages sent via Messenger.
That’s among the revelations contained in a bombshell New York Times report published Tuesday night. Citing hundreds of pages of internal data sharing logs, the paper said that Facebook has excepted more than 150 companies from some of the privacy restrictions it applies to third parties. The group consists mostly of tech firms, including leading players such as Amazon.com Inc., Apple Inc,. Microsoft Corp. and Spotify Ltd.
The data-sharing deals varied greatly from partner to partner. Some companies, like Apple, used account data in a fairly transparent way: The company built a feature to let users sync entries in Facebook calendars to their iPhones. But other firms are said to have received access to more information than they should’ve been given.
The most prominent examples cited in the Times report are Spotify, Netflix Inc. and the Royal Bank of Canada. A poorly implemented application programming interface reportedly enabled the firms not only to view but also to edit private messages, even though they apparently didn’t request the access. Spotify and Netflix issued statements saying they weren’t aware they were granted these permissions, while the Royal Bank of Canada outright denied it had access to private messages.
Another breach of privacy was reportedly caused by Facebook’s now-defunct “instant personalization” data-sharing tool. Originally launched in 2010, the feature was shut down in 2014 over concerns that it let developers obtain too much information about members. Nevertheless, the Times reported that Microsoft continued to have access to the feature until 2017, while two other companies could use it until this summer.
Most of the 150-plus data sharing agreements cited in the story are said to be dormant or infrequently used. Facebook revealed in a press statement that “none of these partnerships or features gave companies access to information without people’s permission,” the company officials revealed in a statement.
But though the impact on consumers may be limited, the report raises fresh concerns about the level of care with which Facebook handles users’ information. Of particular note is the apparent lack of transparency around some of the reported data-sharing deals.
The incident, which is only the latest in a string of controversies that have rocked Facebook recently, could add to the scrutiny on the company’s business practices. This morning, Virginia senator Mark Warner issued a call for Congress to “step in” to regulate social media platforms. Across the pond, the chair of the U.K. parliament’s Digital, Culture, Media and Sport Committee released a statement saying British regulators should open an investigation into Facebook.
And on Tuesday, the National Association for the Advancement of Colored People announced a boycott of Facebook for a week following reports that the social network had been used by some of the Russian agents to try to sway the minds of America’s and other part of the world black voters.
Facebook responded to some of the issues raised in the article in a blog post Tuesday, summing up, “To be clear: none of these partnerships or features gave companies access to information without the help of people’s permission, nor did they violate our all time of sort for the year 2012 settlement with the FTC.”
Facebook’s shares fell more than 7 percent today, much more than the tech-heavy Nasdaq’s 2 percent drop.