Pressure grew on Facebook’s senior management team this week, after yet more privacy revelations emerged, showing how the social network shared access to its users’ data and private messages with other tech firms including Amazon, Apple, Microsoft and Netflix.
The New York Times reported on Tuesday that the social media giant had allowed third-party firms to use their products to access users’ data, including allowing them to read private messages and see the names and contact details of their friends, as well as their activities – even after it raised a wall designed to protect its users.
“For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews,” said the paper.
The NYT based its story on analysis of documents it had obtained, as well as interviews, underscoring “how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.”
Asserting that “the exchange was intended to benefit everyone”, the NYT claimed that more than 150 companies had special arrangements to access Facebook users’ personal data – including the paper itself.
The NYT published examples of how:
The paper said Facebook had arranged to obtain contact lists from tech partners to help run its People You May Know, a friend-suggestion function widely regarded as “creepy”, in an effort to boost platform engagement.
Responding to the NYT in a blog, Let’s Clear A Few Things Up About Facebook’s Partners, the social network insisted that users had given consent to their data being shared, and that “none of these partnerships or features gave companies access to information without people’s permission”.
But it conceded that it should have prevented others gaining access to user data – and confirmed it had ended the practice of offering privileged access.
The company admitted that partners did get access to messages, but again insisted that people had to sign in to Facebook first, for instance by signing in while on Spotify, which allowed people to send and receive without leaving the app.
Facebook admitted that it should not have left APIs in place after it shut down instant personalisation in 2017, concluding that “we’re in the midst of reviewing all our APIs and the partners who can access them. This is important work that builds on our existing systems that track APIs and control who can access to them”.
The NYT revelations are the latest in a series of scandals to have rocked Facebook this year, starting in March with news that Cambridge Analytica had harvested and sold Facebook data without permission to influence the US election. It also faced allegations that lax security allowed Russia to interfere in the US elections and others to influence the UK Brexit vote.
The scandals have led to calls for regulation worldwide, including from the DCMS select committee.
Earlier this month the committee published a series of internal emails and other documents that it had seized, that appeared to demonstrate Facebook’s knowledge of the risks.
Committee chair Damian Collins said the NYT report undermined Facebook’s claim that it was not selling users’ data. “This is just another form of selling,” he told the BBC.
Coming on top of the earlier revelations, the latest NYT revelations could prove more harmful to Facebook than the rest, not least in the minds of a public horrified that information they thought was private may be no such thing.
Facebook’s share value has fallen by more than 25% since the start of 2017, hitting Zuckerberg’s personal wealth correspondingly.
In a related development this week, a coalition of 32 US civil rights groups called for Mark Zuckerberg and Sheryl Sandberg to step down from Facbook’s board after failing to address the platform’s role in “generating bigotry and hatred towards vulnerable communities”.