Facebook’s data-sharing deals exposed

Facebook's data-sharing deals exposed

 Image copyright Getty Images

has been caught on the back foot again over its data privacy practices, following an investigation by the New York Times.

The newspaper has disclosed fresh details about ways the social network shared access to users’ data with other tech firms, including Amazon, Apple, Microsoft, Netflix, Spotify and Yandex.

In some cases, the other companies have said they were not even aware they had special access.

Facebook has defended its behaviour.

It said it never gave others access to personal data without people’s permission and had seen no evidence that the data had been misused.

Analysis: Dave Lee, North America technology reporter

Image copyright Getty Images Image caption Some believe should allow someone else to be appointed Facebook’s chairman or chairwoman

Facebook, as ever, thinks it’s being unfairly picked on. Indeed, as recently as this week, former security boss Alex Stamos described the Cambridge Analytica scandal as an overreaction.

With its statement on Wednesday, Facebook took the same tone it has since this whole mess began in March: users gave consent, everybody knew, nothing to see here.

For added cheekiness, its statement linked to a piece in the New York Times from 2010 that seemed to reference at least one of features revealed in this latest investigation.

But what Facebook underestimates, continually, is the extent to which this year has produced a “data-awakening” among the general public, and how now is the time for the company to lay it all out on the table.

If I was a Facebook employee, or shareholder, I’d be telling Mark Zuckerberg: “It’s time to be completely open about who has or had access to data.”

That’s the only way to stop 2019 being like 2018: a drip-drip of headlines that have eroded Facebook’s reputation, perhaps irreparably.

Who got what?

The NYT bases its analysis on hundreds of pages of documents and dozens of interviews, the full details of which it has not shared.

In total, it said the social network had special arrangements with more than 150 companies to share its members’ personal data. Most of these, it said, were other tech firms, but the list also included online retailers, car-makers and media organisations, including the NYT itself, among others.

Of the examples given it reported:

Microsoft’s Bing search engine was able to see the names of “virtually all” Facebook users’ friends without those friends’ consent in order to personalise the results it showed The music-streaming service Pandora and film review platform Rotten Tomatoes also had access to friends’ information in order to customise their results Apple devices could access the contact numbers and calendar entries of users even if they had disabled all sharing in their Facebook settings. Moreover, it said Apple’s devices did not need to alert users to the fact they were seeking data from Facebook Netflix, Spotify and the Royal Bank of Canada were able to read, write and delete users’ private messages and see all participants on a chat thread Russian search provider Yandex was allowed to index users’ identities from public pages and posts to improve its search results after Facebook stopped other applicants from continuing the activity Yahoo could view live feeds of friends’ posts Sony, Microsoft and Amazon could access members’ email addresses via their friends Blackberry and Huawei were among companies that could pull Facebook’s data to power their own social media apps

Facebook has long maintained that it does not sell its users’ data.

But the NYT said that one of the arrangements it struck was to get contact lists from Amazon, Yahoo and Huawei, which it used to run its own People You May Know facility.

The feature suggests more acquaintances users might want to add to their friends, which helps increase engagement.

What is Facebook’s response?

The firm distinguishes between two different types of relationships it formed.

The first type it calls “integration partnerships”. It defines these as arrangements that allowed others to offer Facebook’s features outside of its own app or website.

Facebook actually provided a long list of such partners to Congress in July.

It said the arrangement made it possible for other companies to do things like consolidate posts from Facebook, Twitter and other social media providers in a single app, or provide alerts from a range of services via a web browser.

Image copyright Facebook Image caption Facebook says that the integration partnerships allowed the BlackBerry Hub and other similar services to be possible

But it noted that to do this, its members had to have signed into their Facebook accounts to give permission. It added that “nearly all” of these partnerships had been shut down in recent months.

Facebook refers to the second type of arrangements as being “instant personalisation”.

It said these allowed other apps to see Facebook’s private messages so that, for example you could send a song recommendation to a friend without having to leave Spotify’s app.

It added that users’ public information was also shared so that, for example, you could see what TV shows your friends had watched within Netflix.

Facebook said that for the most part, it ended its personalisation partnerships in 2014, but continued in some select cases into 2017.

It acknowledged, however, that it had not always withdrawn the application programming interfaces (APIs) that allowed others to tap into its data, as it should have.

“We’re in the midst of reviewing all our APIs and the partners who can access them,” it concluded.

What have the other firms said?

Microsoft has issued a brief statement saying: “Throughout our engagement with Facebook, we respected all user preferences.”

The BBC understands it ended its Bing contract with Facebook in February 2016, and the social network’s data stopped appearing in its search results at that point.

Netflix has said that it stopped taking advantage of its ability to recommend content to members’ Facebook friends in 2015 as the service had not been popular.

“At no time did we access people’s private messages on Facebook or ask for the ability to do so,” it added.

Spotify had indicated it was unaware of the degree of access Facebook had provided to it. Apple has also said that it was also not aware of its devices being granted special access.

Yahoo said it only tapped into Facebook’s data once users had opted in, and did not do so for advertising purposes.

Yandex has said its arrangement was limited to users in Russia, Turkey, Ukraine, Belarus, Kazakhstan and other Commonwealth of Independent States (CIS) countries, and added that it stopped receiving Facebook’s data in 2015.

Amazon said it only used Facebook’s information “in accordance with our privacy policy”.

Why does this matter?

Part of the issue is that Facebook promised a US regulator – the Federal Trade Commission (FTC) – in 2011 that it would not share user data without explicit consent.

Facebook insists it has not breached that pledge, but some privacy experts suggest otherwise.

Furthermore, despite Facebook executives claiming to have been transparent over the years about the firm’s privacy policy shifts, campaign groups suggest new laws are needed to restrict its activities.

“Time and again Facebook has been unable to clearly and in plain language explain to people how the company is collecting, storing, sharing, and retaining people’s data,” a spokeswoman for Privacy International told the BBC.

“The sheer scope of the Facebook scandals in 2018 alone is mind-boggling and shows that data exploitation is a rampant and systemic.”

The other risk is that the more negative stories there are in the press, the more likely users are to quit Facebook and its other apps – including Instagram and WhatsApp – or at least stop sharing personal information with them.

Skip Twitter post by @cher


— Cher (@cher) December 18, 2018


End of Twitter post by @cher

Skip Twitter post by @waltmossberg

1/ Some personal news: I’ve decided to quit Facebook around the end of the year. I am doing this – after being on Facebook for nearly 12 years – because my own values and the policies and actions of Facebook have diverged to the point where I’m no longer comfortable there.

— Walt Mossberg (@waltmossberg) December 17, 2018


End of Twitter post by @waltmossberg

Skip Twitter post by @jeffjohnroberts

“I deleted Facebook” is the new “I quit smoking”

— Jeff Roberts (@jeffjohnroberts) December 19, 2018


End of Twitter post by @jeffjohnroberts

Tags:, , , ,