Facebook shared your DMs with tech giants like Netflix and Spotify (updated)

BTW

Facebook’s claim that it doesn’t sell data to anyone has carried it through controversy after controversy in 2018. Though the statement is technically true, a recent investigation by the New York Times found that while Facebook may not have sold user data, it has shared it with companies like Spotify, Microsoft, and Amazon.

When a user logged in and connected their account, companies like Netflix, the Royal Bank of Canada, and Spotify gained access to their private messages. Amazon was granted access to users’ names and contact information. Despite halting the practice of displaying Facebook users’ news feeds in searches back in 2012, Yahoo still has access to data for hundreds of thousands of users a month.

These are among 150 companies granted unique access to users’ personal data, according to the Times report. The Times dug through hundreds of pages of Facebook documents to determine how data was being used, and by whom. The findings revealed a troubling truth—despite promises, protections, and even consent agreements, Facebook continued to use personal data as a tool in its continuous growth.

The range of data made available to companies varied. In some cases, companies were only given access to surface-level information, like public profiles. In others, companies “had access to users’ data even if they had disabled all sharing,” according to the Times report. This means that even those careful users who refuse to click “accept” whenever the little permission pop-up appears may have been at risk.

Steve Satterfield, Facebook’s director of privacy and public policy, said that a 2011 Federal Trade Commission (FTC) agreement barring the company from sharing user data without explicit consent was not violated. In an interview with the Times, Satterfield claimed that the agreement didn’t extend to the companies in question because “Facebook considered the partners extensions of itself.”

Experts don’t entirely agree with this assertion, however. The variety of companies involved indicates that the only qualifying trait necessary in a Facebook “partnership” is the potential for monetary gain. Users also had no indication of which companies might gain access to their information and were never given the chance to deny access in the first place.

Though this doesn’t guarantee a violation of the FTC agreement, an assessment from independent tax advisory firm Price Waterhouse Coopers in 2013 found that Facebook’s efforts to protect user data left much to be desired.

In the last year, Facebook has issued what seems like an apology a week for a variety of security violations and data leaks. This is just the latest in a long line of issues the company has tried to minimize, but for the most part, its concerning behavior has been ignored.

Update 10:12am CT, Dec. 19: In a statement to the Daily Dot, a Netflix spokesperson says that Netflix never accessed people’s private messages.

Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so.

H/T New York Times

Nahila Bonfiglio

Nahila Bonfiglio

Nahila Bonfiglio reports on geek culture and gaming. Her work has also appeared on KUT's Texas Standard (Austin), KPAC-FM (San Antonio), and the Daily Texan.