Microsoft, Amazon, Apple, Spotify, and Netflix were given access to people's data by Facebook
Facebook has admitted the fact that technology giants like Spotify, Netflix, Microsoft, Apple, the Royal Bank of Canada and other companies were given access to users' private messages, even when they had to stop doing that. However, in their blog post, the company responds to the issue with a claim that it was without their consent.
According to the New York Times investigation, the tech giants were given with the access to read or write private messages, view users' names, calendar entries and similar data without their approval. The access was given to these companies due to the partnership between the social network and various technology companies or online services.
Issues regarding Facebook data tracking and sharing have been surfacing for a while, but the investigation and analysis on Facebook documents revealed more about this particular partnership issue.
Different companies had different access to users data and private information
The worst thing regarding these partnerships is that users were unaware of the issue. As the New York Times has reported, Facebook gave the following data to each of thech giants:
- Allowed Microsoft's search engine, Bing, to see names and other private information about users' friends on Facebook. Facebook states that Microsoft only accessed the public information.
- Gave Apple the opportunity to see Facebook users' contacts, calendar entries. This information was accessible even when people disabled the data sharing feature. According to Apple, the company was unaware that this was special access and ensured that data described never left the users' device.
- Gave Netflix, Spotify, the Royal Bank of Canada the opportunity to write and read users' private Facebook messages.
- Gave Amazon names, contact information of users. Amazon stated that the data was used “appropriately,” but various speculations surfaced on the internet that the company used this data.
Additional privacy and data security issues related to the Facebook partnership
According to the official Facebook response, the instant personalization was shut down in 2014, and these partnerships are different than previous ones which raised the questions. Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, has stated:
Instant personalization only involved public information, and we have no evidence that data was used or misused after the program was shut down. However, we shouldn’t have left the APIs in place after we shut down instant personalization. We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them. This is important work that builds on our existing systems that track APIs and control who can access to them.
However, in the initial investigation, the New York Times analyzed documents, interviews with former employees and corporate partners. This information revealed that Facebook allowed companies to access users' data despite the mentioned protections and precautionary measures.
These deals benefited a number of companies in technology, business and online retailer or entertainment or even media industries. Applications used to access the data could read information about hundreds of millions of people per month. Records also show that these deals date back to 2010, in most cases, but there were a lot of them in 2017 and some in 2018.
Unfortunately for Facebook, these records and reports show up only a few months after a massive data breach involving the social media platform. Back in Fall, 2018 around 90 million users had to log back to their accounts after the hacker attack that stole logins from 50 million Facebook accounts.