Facebook Allowed Netflix, Spotify, And A Bank To Read And Delete Users’ Private Messages

Facebook gave more than 150 companies, including Microsoft, Netflix, Spotify, Amazon, and Yahoo, unprecedented access to users’ personal data, according to a New York Times report published Tuesday.

The Times obtained hundreds of pages of Facebook documents which were generated in 2017 that show that the social network considered these companies business partners and effectively exempted them from its privacy rules.

Facebook allowed Microsoft’s search engine Bing to see the names of nearly all users’ friends without their consent, let Spotify, Netflix, and the Royal Bank of Canada read, write, and delete users’ private messages, and see participants on a thread, allowed Amazon to get users’ names and contact information through their friends, and let Yahoo view streams of friends’ posts “as recently as this summer” despite publicly claiming it had stopped sharing such information a year ago, the report said. Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month.

On Tuesday night, a Facebook spokesperson explained to BuzzFeed News that the social media giant solidified different types of partnerships with major tech and media companies for specific reasons. Apple, Amazon, Yahoo, and Microsoft, for example, were known as "integration partners," and Facebook helped them build versions of the app "for their own devices and operating systems," the spokesperson said.

Facebook solidified its first partnership around 2009-2010, when the company was still a fledgling social network. Many of them were still active in 2017, the spokesperson said. The Times reported that some of them were still in effect this year.

Around 2010, Facebook linked up with Spotify, the Bank of Canada, and Netflix. Once a user logged in and connected their Facebook profile with these accounts, these companies had access to that person's private messages. The spokesperson confirmed that there are probably other companies who also had this capability, but stressed that these partners were removed in 2015 and, "right now there is no evidence of any misuse of data."

Other companies, such as Bing and Pandora, were able to see users' public information, like their friends lists and what types of songs and movies they liked.

The spokesperson stressed that Facebook has a "robust investigation process" and many "checks and balances to make sure partners don't abuse data." Currently, there is no evidence that companies misused data, they said. However, Blackberry, which worked with the social media company to build its own Facebook app, told the Times that it had never been audited.

The records also show that Russian search giant Yandex, which was accused last year by Ukraine’s security service for giving user data to Kremlin, also had access to Facebook’s unique user IDs in 2017. A Yandex spokeswoman told the Times that the company was unaware of the access to user data provided by Facebook. Yandex did not immediately respond to BuzzFeed News’ request for comment.

In response to the report, Steve Satterfield, Facebook’s Director of Privacy and Public Policy defended the actions of the social network.

“Facebook’s partners don’t get to ignore people’s privacy settings, and it’s wrong to suggest that they do," he said in a statement to BuzzFeed News. "Over the years, we’ve partnered with other companies so people can use Facebook on devices and platforms that we don’t support ourselves. Unlike a game, streaming music service, or other third-party app, which offer experiences that are independent of Facebook, these partners can only offer specific Facebook features and are unable to use information for independent purposes.”

“We know we’ve got work to do to regain people’s trust. Protecting people’s information requires stronger teams, better technology, and clearer policies, and that’s where we’ve been focused for most of 2018. Partnerships are one area of focus and, as we’ve said, we’re winding down the integration partnerships that were built to help people access Facebook.”

In a follow up email, Facebook explained that it relied on "users and others to identify potential violations" with partners, as well as its own employees to flag concerning behavior from outside companies now working with the social media giant.

An Amazon spokesman issued the following statement to BuzzFeed News: “Amazon uses APIs provided by Facebook in order to enable Facebook experiences for our products. For example, giving customers the option to sync Facebook contacts on an Amazon Tablet. We use information only in accordance with our privacy policy.”

Microsoft said it ended its contract with Facebook in February 2016 and that data stopped appearing in search results after that. "Throughout our engagement with Facebook, we respected all user preferences," said a Microsoft spokesperson to BuzzFeed News.

A Netflix spokesperson issued the following statement to BuzzFeed News: "Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so."

Yahoo and Spotify did not immediately respond to BuzzFeed News requests for comment.

Facebook has been rocked by privacy scandals this year. Last week, the company said that it had found a security flaw that exposed the public and private photos of 6.8 million users on its platform to developers. In September, the company announced a breach that exposed the emails and phone numbers, as well as profile information such as gender, birth date, location, and recent search history of 30 million users. And earlier this year, the company came under fire after British data analytics firm Cambridge Analytica obtained the personal data of up to 87 million Facebook users without their consent.

In a blog post responding to the Cambridge Analytica scandal in March, Facebook CEO Mark Zuckerberg wrote : "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again."

And last week, Facebook set up a privacy pop-up in New York City's Bryant Park to educate users about privacy on the platform.

This is a developing story. Check back soon for updates and follow BuzzFeed News on Twitter.

Similar Articles:

Facebook reportedly gave tech giants greater access to users' data

Facebook reportedly gave tech giants greater access to users' data

Reasons not to use (i.e., be used by) Facebook

Reasons not to use (i.e., be used by) Facebook

Facebook Wielded Data to Reward, Punish Rivals, Emails Show

Facebook Wielded Data to Reward, Punish Rivals, Emails Show

Facebook exposed up to 6.8 million users’ private photos to developers in latest leak

Facebook exposed up to 6.8 million users’ private photos to developers in latest leak