Skip to main content

Facebook Let Other Companies Harvest User Data Without Consent

The social media giant appears to have violated privacy rules established in its agreement with the Federal Trade Commission.
Photograph courtesy of CNN

Photograph courtesy of CNN

In a bombshell report released yesterday, The New York Times revealed that Facebook allowed companies such as Netflix and Spotify to harvest its users' data without their consent, potentially violating their 2011 Federal Trade Commissions agreement.

Over the past few years, Facebook has been the center of enormous controversy, from Cambridge Analytica's use of the platform to influence voter behavior to last month's revelations that Chief Operating Officer Sheryl Sandberg requested opposition research to smear the company's rivals by tying them to Hungarian financier George Soros. The newest Times report only adds to the pile of scandals that CEO and founder Mark Zuckerberg has to clean up. 

Last spring, Zuckerberg testified before the Senate that Facebook users had control over what they shared on the site, and the company's 2011 F.T.C. agreement barred them from sharing user data without explicit permission. After the deal was struck, they entered into several partnerships - more than employees could keep track of - with companies such as Amazon, Microsoft, and Yahoo.

Facebook claimed that these partnerships did not violate user privacy or the F.T.C. agreement, arguing that these companies were "service providers" who only used the data "for and at the direction" of Facebook and as an extension of the site. Normally, this would involve allowing Facebook to perform everyday functions with their partner companies, like sending and receiving information over the internet, or processing credit card information, both of which would be acceptable. However, the Times report makes it clear that Facebook grievously overstepped its boundaries in this regard.

How They Did It

When Facebook changed its privacy settings in 2009, it made its users' data available to the whole internet, from your favorite movies and TV shows to your religion, your political leanings, and your location. They called this "instant personalization." The F.T.C. labeled this a deceptive practice, so Facebook entered into a consent agreement, but overstepped its boundaries by interpreting exemptions in the agreement too broadly.

According to David Vladeck, the former head of the F.T.C. protection bureau,  exempting partner companies from regulatory requirements gave these partners permission to harvest Facebook user data without informing users or obtaining their consent. Currently, the F.T.C., Department of Justice, and the Securities and Exchange Commission are all investigating the company.

Facebook, along with Google, controls 99% of the online advertising business, and user data is what keeps that going. As part of their agreements, the companies Facebook did business with could scroll through users' contact lists and their friends' contact information. As of last year, Sony, Microsoft, and Amazon could still obtain users' email addresses by scrolling through their friends. The company also allowed other smartphone and technology developers, like Apple and Blackberry, to peek into user data. Apple devices got access to contact numbers and calendar entries for Facebook users, even if they had turned off the sharing function in their settings. 

Most controversially, Facebook entered into sharing partnerships with streaming giants Netflix and Spotify, allowing them to access users' private messages through the Messenger app. They could read, write, and delete user messages, and access the names of participants on a thread - all of which violated their initial agreements with the company. Spotify still has the privilege of viewing the messages of at least 70 million users a month, and still offers the option to share music through Messenger. Netflix no longer offers that feature within the app, forfeiting their ability to access user messages.

To combat criticism, Facebook established a privacy program to review partnerships, but the team was moved around through the organization so often that higher-ups did not take them seriously. While they could have reviewed the Netflix and Spotify partnerships, they didn't, because the deals were governed by business contracts that required them to follow data policies, so the company did not subject them to the same scrutiny. 

Facebook officials have since acknowledged that it was a mistake to allow these companies access,  but did not elaborate. They also insisted that, by only allowing them access to data that was already public, they did not violate privacy.

 What's Next

CEO and founder Mark Zuckerberg has done his best to control the damage, but he now faces opposition from both civil rights groups like the Southern Poverty Law Center, as well as investors, who are calling on him to resign. As of this moment, he does not plan to leave the company he started in his Harvard dorm room. However, his image as someone who wanted to "bring the world closer together" has taken a severe beating amidst the frequent scandals that have plagued his company.