As 2018 is seeing its end, Facebook continues to see yet another privacy issue.
According to The New York Times (NYT), it was revealed that the social media giant gave a significant amount of access to certain partner companies, in which some permissions are above what regular Facebook users might have expected.
In the report, it was said that Facebook offered these partner companies the access to everything from friend list to private messages.
That happened even after the company claimed it no longer offered such access to anyone.
For example, Netflix and Spotify had access to users' messages. The search engine Bing on the other hand, had access to see virtually all Facebook users' friends, their email addresses and phone numbers without their consent. Yandex which is a Russian search company, was allowed to see user IDs as late as 2017. That was after Facebook was supposed to restrict any partners from such access.
Facebook investors that were alarmed by the social giant’s string of privacy problems, pushed the stock down more than 7 percent on December 19th, wiping out about $30 billion in its market value.
The news came only a week after Washington, D.C.’s attorney general sued Facebook, alleging the company failed to protect the private data of millions of users that wound up in the hands of Cambridge Analytica, a political consulting firm that used the information to target voters during the 2016 U.S. Presidential election.
According to the NYT:
The social network reportedly shared users’ personal data with more than 150 companies.
This amount of access might have been a violation to the Federal Trade Commission (FTC)’s 2011 decree that Facebook obtain explicit permission before sharing anyone’s data.
But according to the report, Facebook Director of Privacy and Public Policy Steve Satterfield said that the access didn’t violate the FTC’s ruling because the ruling "did not require the social network to secure users’ consent before sharing data because Facebook considered the partners extensions of itself."
In a statement, Facebook said that all of the permission granted to these partner companies were done with user permission, including the ability to write and delete messages.
"Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner," as explained by Facebook‘s head of Developer Programs Konstantinos Papamiltiadis.
While the report here continues to corner Facebook, it doesn't show strong evidence that user data was used or misused.
For example, Netflix for its part, said on Twitter that it never asked for the access it was given, saying that "Netflix never asked for, or accessed, anyone's private messages. We're not the type to slide into your DMs."
Spotify said that the integration between its service and Facebook has always been about sharing and discovering music and podcasts.
"Spotify cannot read users’ private Facebook inbox messages across any of our current integrations. Previously, when users shared music from Spotify, they could add on text that was visible to Spotify. This has since been discontinued. We have no evidence that Spotify ever accessed users’ private Facebook messages."
The Royal Bank of Canada which was also said to have access to users' messages, disputed the claim. Yandex also disputed it, saying that the search engine didn’t ask for or realize how much access Facebook had given it.
More details about this can be found in the 250-page document dump by the British government that seized a huge cache of Facebook's internal documents. The records were generated in 2017 by Facebook's internal system for tracking partnerships.