Facebook provided “dozens” of its corporate partners with secret, privileged access to user data in deals that continued into 2017, and in some cases are still active, the New York Times reported Tuesday.
The paper said the partners, among them Netflix, Amazon, Spotify and Microsoft, were effectively exempted from Facebook’s privacy rules and received more access to user data than did Cambridge Analytica.
The report, which cites documents as well as interviews with about 50 former Facebook employees, contradicts testimony Facebook CEO Mark Zuckerberg gave to Congress earlier this year.
During his testimony in April, Zuckerberg said that Facebook users “have complete control” over everything they share on Facebook. And since 2011, the company has been required to strengthen its privacy safeguards as part of an agreement with the Federal Trade Commission. It must report to the FTC every two years.
But, the Times said, the company not only allowed its partners access to data, but in some cases provided the ability to manipulate it — without disclosing it to users.
For example, the Times report said, Microsoft-owned search engine Bing was able to find out the names of nearly any Facebook user’s friends. Meanwhile, Netflix and Spotify were granted access to users’ private messages. Netflix, Spotify, and the Royal Bank of Canada could also write, and even delete private user messages, the Times reports.
In addition, the Times says, Amazon was allowed access to user names and contact information, while as recently as this summer, Yahoo was able to view streams of Facebook users’ friends’ posts. Facebook officials have said that they stopped sharing of this nature years ago.
A Facebook spokesperson told the Times, “Facebook’s partners don’t get to ignore people’s privacy settings.” But the spokesperson said also that some of these partners were “service providers,” essentially extensions of Facebook, and that per its agreement with the FTC, the company doesn’t have to get user consent to share data with them.
However, the spokesperson also told the Times that Facebook did not consider Spotify, Netflix and the Royal Bank of Canada to be “service providers.”
In a statement provided to TheWrap, Netflix said it discontinued this particular Facebook partnership three years ago, and that it never accessed users’ private messages in any way.
“Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger,” the statement said. “It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so.”
Representatives for Facebook, Yahoo, Spotify and Microsoft did not immediately respond to a request for comment from TheWrap.
Tuesday’s report is the latest PR fiasco for Facebook. In March, the company admitted that up to 87 milllion users had their profile information unwittingly accessed by the political data firm Cambridge Analytica in 2014. Months later, Facebook announced that another security breach had left 30 million users vulnerable to having their phone numbers and search histories hacked.
Last month, the Times reported that COO Sheryl Sandberg personally ordered staffers to investigate billionaire Democratic donor George Soros, despite having at first denied any involvement. The company also caught flak for hiring a conservative political consulting company that conducted a PR campaign against Soros and other Facebook critics.
Facebook posted record quarterly revenue figures this year, but has seen its stock price drop 20 percent since the start of 2018. There have been calls for Zuckerberg, and Sandberg, to step down, but so far, both have indicated they intend to stay in their current positions.