If you thought Facebook's privacy issues were bad, they are actually much worse. According to a Tuesday report in the New York Times, Facebook provided its business partners with an "intrusive" level of access to users' personal data.
And by "intrusive," the Times means third parties could view and even delete users' personal messages.
The report, based on over 270 pages of internal Facebook documents and interviews with some 50 former company employees, says that Facebook willingly provided personal data access to such companies as Netflix, Spotify, Amazon, Apple and the Royal Bank of Canada.
Overall, there were some 150 third party companies that reached deals with Facebook, including automakers, entertainment sites and media organizations. The oldest such partnership deal dates back to 2010, and all the deals were still in effect in 2017.
In a response to the report, Facebook said none of the partnerships gave companies access to information without users' permission. According to the company, the deals did not violate Facebook's 2011 settlement with the Federal Trade Commission (FTC), in which the company agreed not to share users' data without their explicit permission.
"To put it simply, this work was about helping people do two things. First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners," the company's statement says. "Second, people could have more social experiences — like seeing recommendations from their Facebook friends — on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify."
"Still, we recognize that we've needed tighter management over how partners and developers can access information using our APIs," the statement continues. "We're already in the process of reviewing all our APIs and the partners who can access them."
The companies that benefited from the personal data have already denied any wrongdoing. Amazon, Microsoft and Yahoo representatives told the Times that they used the data appropriately, without further elaboration. Netflix tweeted Wednesday that it "never asked for, or accessed, anyone's private messages." Spotify said it was unaware of the access Facebook gave it, while a Royal Bank of Canada spokesperson disputed that the bank even had any such access.
"Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people's relationships and suggest more connections, the records show," the Times reports.
Facebook says it has shut down most of the abovementioned partnerships in recent months, with the exception of those with Amazon and Apple. The company insists that those partnerships are not barred by the FTC agreement, arguing that third party companies are service providers that use the data only "for and at the direction of" Facebook, functioning in a way as an extension of the social platform.
Freedom From Facebook, a group which has previously called for the tech giant to be broken up, said the newest revelations should pressure the FTC to act, Fox News reports.
"The flagrancy with which Facebook has flouted its consent decree shows it doesn't take the agency seriously," the group said in a statement. "The idea that Facebook should be broken up, or never [have been] allowed to acquire Instagram and WhatsApp, has gone mainstream. If the FTC wants to be taken seriously again — not only by corporations but by the public, on whose behalf it is expected to work — the FTC can't allow Facebook's monopoly to continue to exist."
