Apple, Amazon and many other firms granted special access to Facebook users' data, claims report

Facebook has 'work to do to regain people's trust' concedes privacy director

A report in the New York Times today claims that Facebook gave special access to more than 150 companies, including Microsoft, Apple and Amazon.

NYT reporters say they are in possession of hundreds of pages of documents detailing Facebook's partnerships and data-sharing practices, with supporting evidence provided by interviews with former employees.

While many of the special access deals have now finished, some, including those with with Amazon and Apple, are ongoing.

Amazon is able to access users' names and contact information via their friends on Facebook, the report says. Microsoft had a similar deal for the Bing search engine, where it could "see the names of virtually all Facebook users' friends without consent".

Netflix and Spotify enjoyed even greater access. The report claims that the companies had the "ability to read Facebook users' private messages".

Netflix denied it ever accessed private conversations, but did launch a feature in 2014 allowing members to recommend shows to friends via Messenger. It was "never that popular, so we shut the feature down in 2015," the company claimed.

Some of the companies mentioned have sought to play down the deals or deny that they had made significant use of the special access.

Amazon told CNN that it wanted to ensure a smooth Facebook experience on its own hardware and that it "uses the information in accordance with its own privacy policy".

Microsoft said something similar, adding that its Bing partnership ended in February 2017, and that "throughout our engagement with Facebook, we respected all user preferences". Apple and Spotify claimed they weren't aware of the special access granted.

Aware or not, the NYT reasons that the documents "raise questions about whether Facebook ran afoul of a 2011 consent agreement with the Federal Trade Commission [FTC] that barred the social network from sharing user data without explicit permission".

Responding to the report, Steve Satterfield, Facebook's director of privacy and public policy, argued that the FTC agreement "did not require the social network to secure users' consent before sharing data because Facebook considered the partners extensions of itself — service providers that allowed users to interact with their Facebook friends".

Facebook's partners "don't get to ignore people's privacy settings," he added, but conceded the company has "got work to do to regain people's trust".

Konstantinos Papamiltiadis, the company's director of Developer Platforms and Programs said that Facebook has acted within the rules.

"To be clear, none of these partnerships or features gave companies access to information without people's permission, nor did they violate our 2012 settlement with the FTC," he said.

However, Papamiltiadis conceded that partners should not have had access to "instant personalisation" APIs after features were officially shut down.

"We've taken a number of steps this year to limit developers' access to people's Facebook information, and as part of that ongoing effort, we're in the midst of reviewing all our APIs and the partners who can access them," he said.