“We don’t sell data to anyone,” Facebook CEO Mark Zuckerberg told Congress in April. What he didn't mention is that Facebook gives data away via secret deals with some of Silicon Valley’s biggest players — often without consent, according to a New York Times investigation published Tuesday.
Based on hundreds of internal Facebook documents, the report provides an inside look at the intrusive access provided to select partners — including Netflix, Microsoft, Spotify, Amazon and Apple — by the social network.
The revelations also highlight once again the company’s lack of transparency and accountability when it comes to the collection, process and sharing of user data.
The documents show that Facebook gave partners the ability to read, write and delete messages, as well as access the names and contact details of friends — all without explicit consent.
Facebook has denied it has done anything wrong, saying there is no evidence the data has been misused.
The company has repeatedly claimed that following previous privacy scandals it instituted much stricter privacy policies, something Zuckerberg alluded to when he told Congress that users “have complete control” over everything they share on Facebook.
The Times investigation suggests these promises have not been kept, which could lead to legal problems for the company.
“If the allegations are true, Facebook may face a colossal volume of individual and collective lawsuits demanding billions in damages, let alone sanctions imposed by regulators from all around the world,” Ilia Kolochenko, CEO of web security company High-Tech Bridge, told VICE News.
Facebook signed a consent agreement with the Federal Trade Commission (FTC) in 2011, barring the social network from sharing user data without explicit permission. The company says its data deals did not breach that agreement because they viewed their partners as extensions of the company, experts disagree.
“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” David Vladeck, who previously ran the FTC’s consumer protection bureau, told the Times. “I don’t understand how this unconsented to data harvesting can at all be justified under the consent decree.”
The FTC opened an investigation into whether or not Facebook is complying with the consent decree earlier this year. The investigation is ongoing.
Here’s how Facebook is giving away your data:
- Yahoo struck a deal giving it the ability to display a Facebook user’s news feed — including friends’ posts — on the search company’s homepage. Yahoo got rid of the feature in 2012. But as of last year, it still had access to data for close to 100,000 people a month.
- Spotify, Netflix and the Royal Bank of Canada signed a contract allowing them to read, write and delete users’ private messages, and to see all participants on a thread. The companies said they were unaware they had such broad powers.
- Amazon was permitted to obtain users’ names and contact information through their friends. As of last year, the documents show Amazon could access Facebook users emails through their friends. In exchange, Facebook was given access to contact lists from the e-commerce giant to gain deeper insight into people’s relationships and suggest more connections.
- Apple was given special powers to hide the fact it was asking for users’ Facebook data. iPhones and iPads also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show. Apple claims it was not aware of the broad powers Facebook granted it and said any personal information never left the devices.
Cover image: Mark Zuckerberg, chief executive officer and founder of Facebook Inc., listens during a House Energy and Commerce Committee hearing in Washington, D.C., U.S., on Wednesday, April 11, 2018. (Andrew Harrer/Bloomberg via Getty Images)
This article originally appeared on VICE US.