Facebook has been caught on the back foot again over its data privacy practices, following an investigation by the New York Times.
The newspaper has disclosed fresh details about ways the social network shared access to users’ data with other tech firms, including Amazon, Apple, Microsoft, Netflix, Spotify and Yandex.
In some cases, the other companies have said they were not even aware they had special access.
Facebook has defended its behaviour.
It said it never gave others access to personal data without people’s permission and had seen no evidence that the data had been misused.
However, it has acknowledged again that it should have prevented third parties being able to tap into users’ data, after publicly announcing that it had ended the privilege for security reasons.
Examples given by the NYT include allowing others’ products the ability to read users’ private messages and to see the names, contact details and activities of their friends.
Facebook’s handling of the matter has drawn criticism, including tweets from its own former chief security officer Alex Stamos, who has called on it to disclose more details about what special access it provided to whom.
The latest revelations follow a series of scandals including the Cambridge Analytica data harvest, incitement to violence in Myanmar, also known as Burma, evidence of Russian and Iranian meddling in the US elections, and several data-exposing bugs.
These have undermined public confidence in Facebook, led to calls for new regulations and prompted demands for a leadership rethink.
Who got what?
The NYT bases its analysis on hundreds of pages of documents and dozens of interviews, the full details of which it has not shared.
In total, it said the social network had special arrangements with more than 150 companies to share its members’ personal data. Most of these, it said, were other tech firms, but the list also included online retailers, car-makers and media organisations, including the NYT itself, among others.
Of the examples given it reported:
- Microsoft’s Bing search engine was able to see the names of “virtually all” Facebook users’ friends without those friends’ consent in order to personalise the results it showed
- The music-streaming service Pandora and film review platform Rotten Tomatoes also had access to friends’ information in order to customise their results
- Apple devices could access the contact numbers and calendar entries of users even if they had disabled all sharing in their Facebook settings. Moreover, it said Apple’s devices did not need to alert users to the fact they were seeking data from Facebook
- Netflix, Spotify and the Royal Bank of Canada were able to read, write and delete users’ private messages and see all participants on a chat thread
- Russian search provider Yandex was allowed to index users’ identities from public pages and posts to improve its search results after Facebook stopped other applicants from continuing the activity
- Yahoo could view live feeds of friends’ posts
- Sony, Microsoft and Amazon could access members’ email addresses via their friends
- Blackberry and Huawei were among companies that could pull Facebook’s data to power their own social media apps
Facebook has long maintained that it does not sell its users’ data.
But the NYT said that one of the arrangements it struck was to get contact lists from Amazon, Yahoo and Huawei, which it used to run its own People You May Know facility.
The feature suggests more acquaintances users might want to add to their friends, which helps increase engagement.
Analysis: Dave Lee, North America technology reporter
Facebook, as ever, thinks it’s being unfairly picked on. Indeed, as recently as this week, former security boss Alex Stamos described the Cambridge Analytica scandal as an overreaction.
With its statement on Wednesday, Facebook took the same tone it has since this whole mess began in March: users gave consent, everybody knew, nothing to see here.
For added cheekiness, its statement linked to a piece in the New York Times from 2010 that seemed to reference at least one of features revealed in this latest investigation.
But what Facebook underestimates, continually, is the extent to which this year has produced a “data-awakening” among the general public, and how now is the time for the company to lay it all out on the table.
If I was a Facebook employee, or shareholder, I’d be telling Mark Zuckerberg: “It’s time to be completely open about who has or had access to data.”
That’s the only way to stop 2019 being like 2018: a drip-drip of headlines that have eroded Facebook’s reputation, perhaps irreparably.