Internal documents obtained by the New York Times appear to show that Facebook gave companies such as Microsoft, Amazon, and Spotify far greater access to people's data, including users' private messages than previously disclosed, it was reported today.
The article published Wednesday, explores the technical aspects of Facebook's business partnerships and data sharing agreements the social media giant entered into with their fellow tech companies. In some cases, companies retained access to data for years after it was supposed to have been cut off.
For example, Apple had access to Facebook users' contacts and calendar entries, even if the user had disabled data sharing. Amazon was given permission to obtain the names and contact information of users through their friends, even if they hadn't given permission.
Microsoft's search engine, Bing, was also given access to see names and other profile information of the users' friends. Facebook says only public user posts were shared with the search engine.
To understand how data-sharing works between companies, let's break down exactly how these agreements work.
There are three ways Facebook partners with companies. First are what's called "integrations," which refer to custom built apps that were built by Facebook for companies like smartphone manufacturers. Those those apps require an exchange of data with the Original Equipment Manufacturers (OEM). And while this program has been criticized in the past, the face that the apps are integrated with the phone's OS, it's generally assumed the users know that their personal data is being shared.
The second type of partnership was part of a now-defunct program "Instant personalization" that launched in 2010. The featured, seen in the deal made by Facebook with Microsoft's Bing search engine, allowed users to personalize their own services using what Facebook knew about you, and what you were willing to share.
Instant personalization was killed off in 2014 after significant criticism and concerns over privacy with the feature. However, the Times article indicates that Bing and two other companies retained access to the data through 2017.
The third type of deal Facebook made with tech companies is described as one-off customizations for companies like Spotify, and Netflix. The that gave those partners read and write access to users' Facebook messages.
The idea was meant to be a win-win situation for everyone involved. Facebook would gain additional users, which increased their advertising revenue, while tech companies were given additional features for their sites.
In a blog post published Wednesday, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, pushed back against the Times article.
"To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC," said Papamiltiadis.
Papamiltiadis also explained that Facebook giving access to users' private messages to companies like Spotify, was more about making the experience of using the app better. One example he cites was the ability for users to send their friends messages about the music they were listening to on Spotify.
The social media giant has been besieged by a series of privacy and data sharing scandals, starting with the company's partnership with political consulting firm, Cambridge Analytica, which improperly used Facebook's data. The company has also had to deal with several data breaches, including one that recently exposed the private and unposted photos of 6.8 million users.
Facebook wrote that they have discontinued access to the programs that granted developers' unlimited access to their platform's API and apologized for leaving them in place.
"We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them," write Papamiltiadis. "This is important work that builds on our existing systems that track APIs and control who can access to them.
Photos: Getty Images