Facebook is under fire once again for mishandling user data, this time charged with sharing information with at least 60 device makers, including Amazon, Apple, Blackberry, HTC, Microsoft and Samsung.
Going all the way back to 2007, the company created partnerships with various device makers that allowed for private data channels between the device-maker companies and Facebook, reports The New York Times.
From the Times story:
Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing.
The Times says Facebook built private APIs for device makers through 2014, sharing user data with “… tens of millions of mobile devices, game consoles, televisions, and other systems outside Facebook’s direct control.” Such access to user data conflicts with the Federal Trade Commission’s 2011 decree that disallowed Facebook from sharing user information without their consent.
Michael LaForgia, a Times reporter, found that after connecting to Facebook on his Blackberry, he was able to pull relationship status, religious and political leanings for 566 of his friends, as well as events they planned to attend. He was also able to access unique identifiers for 294,258 users connected to his friends list.
“Facebook has said that it cut off third parties’ access to this type of information in 2015, but that it does not consider BlackBerry a third-party case,” reports the Times.
Facebook argues that it hasn’t broken any rules. The company says its partnerships with device makers “work very differently” from how app developers use Facebook’s API platform. Facebook told the Times that its partnerships with device makers are governed by contracts that strictly limit use of the data, including any data stored on partners’ servers.
But Sandy Parakilas, a former Facebook employee who oversaw third-party advertising and privacy compliance for Facebook’s platform, told the Times that the data being shared with device makers was flagged as a privacy issue as early as 2012.
“It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled,” says Parakilas in the Times story.
Facebook responded to the accusations on its Newsroom Blog in a post titled “Why We Disagree with the New York Times,” again asserting that partnerships with device makers are “very different” from their relationships with third-party developers using public APIs (like the Aleksandr Kogan app that Cambridge Analytica utilized to exploit user data).
From Facebook’s response:
These partners [device-maker companies] signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences. Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built. Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.
Facebook says it has already started winding down access to user data by device makers and has ended relationships with 22 of the approximately 60 companies it had partnerships with.
Apple told the Times that, as of last September, it no longer had access to Facebook data that enabled users to post photos to the social network without opening the Facebook app. BlackBerry said that it used Facebook data only to give its customers access to their Facebook network and messages and that it did not collect or mine Facebook data of its customers. A Microsoft spokesperson told the Times that Facebook data was stored locally on Microsoft phones, but not synced to Microsoft’s servers. Samsung declined to respond to the Times’ questions about its partnership with Facebook.
The statements from Apple, Blackberry and Microsoft only represent three of the 60 device-maker companies that have partnerships with Facebook.
Facebook’s attempts to justify its mishandling of user data have become a broken record. By repeatedly allowing a multitude of companies access to user data without knowing how it is being used, the company has proven time and time again it cannot be trusted to take user privacy seriously. Regardless of whether or not Facebook broke any FTC rules or violated its 2011 consent decree, the fact remains that its user information has spread far beyond any boundaries the company can control.