Facebook shared users’ data with more than 60 mobile device makers without gaining their consent, New York Times claims
Facebook has said it disagrees with claims by the New York Times that it breached privacy pledges made to the public and to US regulators when it shared information with mobile device makers.
The paper reported that Facebook shared users’ personal information with at least 60 smartphone firms, allowing them to access users’ friends’ data without obtaining explicit consent.
In some cases the data was stored on the third parties’ own servers, according to the Times.
The data included information such as relationship status, religion, political affiliation and planned events.
The paper said these data-sharing agreements, which involved the use of application programming interfaces (APIs), may have breached a 2011 agreement with the Federal Trade Commission (FTC) in which Facebook agreed to obtain users’ “express consent” before sharing their data with third parties in new ways.
It also quoted an ex-FTC official as saying the APIs breached privacy commitments Facebook made to users in 2014.
Facebook said the data was used to create a mobile experience at a time before the Facebook mobile app was widely available.
In a blog post titled “Why we disagree with the New York Times”, the company said it “tightly” controlled third parties’ use of the data.
“These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences,” Facebook wrote.
“Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built.”
It said information such as photos was only accessible on devices if users had chosen to share the data with those friends.
Facebook said the circumstances were “very different” from those involved in the Cambridge Analytica scandal, in which the London-based consultancy is alleged to have improperly obtained data on up to 87 million users for lobbying purposes.
Apple, Microsoft, Samsung and Amazon were among the companies who signed up to data sharing agreements using the APIs.
Facebook began shutting down the use of the APIs in April as part of its response to the Cambridge Analytica incident. Twenty-two of the partnerships have since ended, it said.
Apple said it has stopped using the APIs and that it used them to allow users to post pictures and other information without having to open the Facebook app.
Microsoft said the data involved was held locally on users’ phones. Blackberry said it did not “collect or mine” Facebook data itself. Newer Blackberry-branded Android devices don’t use the APIs, it said.
Amazon and Samsung haven’t yet provided comment.
Sandy Parakilas, a former Facebook staff member who has been critical of the company, said employees had raised concerns about the data partnerships as far back as 2011.
Parakilas told the Financial Times that while Facebook said it had blocked apps from acquiring the data held by app users’ friends, “in the case of hardware manufacturers they didn’t do that”.
The Privacy International campaign group said companies must “protect users’ data by default”.
“This is yet another concerning example of companies collecting, sharing, and exploiting users’ data in completely unexpected ways,” said the group’s legal officer, Ailidh Callander. “Over and over Facebook has proven itself unworthy of user’s trust.”
What do you know about mobiles past and present? Try our quiz and find out!