Data scandals: The undoing of social media major Facebook?

Chennai: Social media giant Facebook and privacy scandals have gone hand-in-hand and recent reports suggest that the pot is still brewing.

Last night, word about yet another issue with data privacy came out, where Facebook had allegedly given technology companies like Microsoft, Netflix and Spotify special access to user’s data.

According to a NYT report, the social media company offered these firms access to everything from friends lists to private messages, even after it claimed it no longer offered such access to anyone.

Netflix and Spotify apparently had the ability to read, write, and delete messages for users, while Microsoft’s Bing search engine could “see the names of virtually all Facebook users’ friends without consent”, the report said.

The list includes Russian search company, Yandex, too and it was allegedly allowed to see user IDs as late as last year, after Facebook was supposed to have cut even partner companies off from that information, reports stated.

Violation or not?

This degree of access might have been a violation of the Federal Trade Commission (FTC)’s 2011 decree that Facebook obtain explicit permission before sharing anyone’s data, experts state.

In the NYT report, Facebook’s director of Privacy and Public Policy, Steve Satterfield, said this access didn’t violate the FTC’s ruling because the ruling “did not require the social network to secure users’ consent before sharing data, because, Facebook considered the partners extensions of itself”.

Facebook released a statement, contrary to what Satterfield had said, saying that all of the access these companies were granted was done with user permission, including the ability to write and delete messages.

Facebook‘s head of Developer Programs, Konstantinos Papamiltiadis, said to a hypothetical worried user: “Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner.”

However, near the end of the statement, he does admit the company fumbled the API ball:

“Why did some partners have access to data as late as 2017, even after instant personalization was shut down? Instant personalization only involved public information, and we have no evidence that data was used or misused after the program was shut down. However, we shouldn’t have left the APIs in place after we shut down instant personalization,” he said.

The interesting term, according to experts is that the firms did not ask or realise just how much access Facebook had given them. The Royal Bank of Canada, also alleged to have been given carte blanche with messages, disputed it had that power and even Yandex claimed so.

People in the know have stated that in the interests of expanding its own network of information, Facebook preemptively handed a metaphorical keyring to large partner companies without even being asked to do so.

Netflix, for its part, said on Twitter that it never asked for the access it was given. “Netflix never asked for, or accessed, anyone’s private messages. We’re not the type to slide into your DMs,” it said.

For its part, Spotify said, its integration with Facebook has always been about sharing and discovering music and podcasts. “Spotify cannot read users’ private Facebook inbox messages across any of our current integrations. Previously, when users shared music from Spotify, they could add on text that was visible to Spotify. This has since been discontinued. We have no evidence that Spotify ever accessed users’ private Facebook messages,” it claimed.