The New York Times on Tuesday published yet another explosive story about Facebook, this time examining the company’s extensive data sharing agreements with other tech giants. Internal records reportedly show that Facebook allowed partners like Amazon and Microsoft to bypass usual privacy rules and obtain users’ names and contact information from their friends without explicit consent. Some partners, like Netflix and Spotify, were granted the ability to read Facebook users’ private messages, while others, like Yahoo, were able to view streams of friends’ posts. According to a 2011 FTC consent agreement, Facebook is supposed to obtain consent from users before sharing their data with third parties.
Facebook maintains that it did obtain permission from users and that there was no evidence of data mishandling among its partners. The Times notes that the company seems to believe that its partners were an extension of itself, thus negating the need for permission in the first place. (The partners have spent Wednesday morning releasing statement denying they used or misused their access.)
These data-sharing agreements began in 2010. Facebook has been winding down most of the partnerships over the past year, though its partnerships with Amazon and Apple still remain active. In return for sharing the data, Facebook was able to integrate its services into other platforms, which was reportedly part of CEO Mark Zuckerberg’s strategy to ensure that the site remained dominant in the internet ecosystem. Facebook also gained access to user data from its partners. The platform was then able to cobble together contact lists from the likes of Amazon, Yahoo, and Huawei to inform its “People You May Know” tool.
“People You May Know,” which makes friend recommendations for users, has long been a controversial feature. Users and journalists have observed that the tool seems to have an eerie knowledge of real-world relationships. There have been reports of cases in which the tool attempted to connect anonymous sperm donors and their children, social workers and their clients, and patients of the same psychiatrist. Facebook had previously neglected to disclose how the tool was discovering these relationships. In March, Android users discovered that Facebook was collecting their devices’ call and texting logs, information that was used to make friend recommendations. The Times piece now further reveals how the company was mining its partners’ user data to make the connections.
As Gizmodo notes, other companies also may have attempted to divine real-world relationships with the data they received from Facebook. For example, Amazon has long had a tool that prevents people from rating books if they personally know the author. In one case, a woman was unable to write a review of a novel from an author she followed on Facebook, but did not know personally. At the time, the woman had no idea why Amazon was making the accusation, but it now seems plausible that the site had seen the Facebook connection as a red flag.
Update Dec. 19, 2018: Netflix sent Slate a statement reading, in part, “At no time did we access people’s private messages on Facebook, or ask for the ability to do so.”