Facebook Gave Some Companies Special Access to Additional Data About Users’ Friends
Facebook Gave Some Companies Special Access to Additional
Data About Users’ Friends
Small number of companies had deals that gave them access
to data after others were cut off
By Deepa Seetharaman and
Kirsten Grind Updated June 8, 2018 7:28 p.m. ET
Facebook Inc. struck customized data-sharing deals that
gave select companies special access to user records well after the point in
2015 that the social network has said it walled off that information, according
to court documents, company officials and people familiar with the matter.
Some of those and other agreements, collectively known internally
as “whitelists,” also allowed certain companies to access additional
information about a user’s Facebook friends, the people familiar with the
matter said. That included information like phone numbers and a metric called
“friend link” that measured the degree of closeness between users and others in
their network, the people said.
The whitelist deals were struck with companies including
Royal Bank of Canada and Nissan Motor Co., who advertised on Facebook or were
valuable for other reasons, according to some of the people familiar with the
matter. They show that Facebook gave special data access to a broader universe
of companies than was previously disclosed. They also raise further questions
about who has access to the data of billions of Facebook users and why they had
access, at a time when Congress is demanding the company be held accountable
for the flow of that data.
Many of these customized deals were separate from
Facebook’s data-sharing partnerships with at least 60 device makers, which it
disclosed this week. Several lawmakers and regulators have said those
device-maker arrangements merit further investigation.
Facebook officials said the company struck a small number
of deals with developers largely to improve the user experience, test new
features and allow certain partners to wind down previously existing
data-sharing projects. The company said it allowed a “small number” of partners
to access data about a user’s friends after the data was shut off to developers
in 2015. Many of the extensions lasted weeks and months, Facebook said. It
isn’t clear when all of the deals ultimately expired or how many companies got
extensions.
Most developers who plugged into Facebook’s platform
weren’t aware that the company offered this preferred access or extensions to
certain partners, according to the people familiar with the matter.
Ime Archibong, Facebook’s vice president of product
partnerships, said in an interview Friday that the company maintained a
“consistent and principled approach to how we work with developers over the
course of the past 11 years.”
Mr. Archibong said there were some cases where the
company worked “more closely” with individual developers to test new features
or when winding down products. “But we have been extremely, I would say,
persistent and objective around how we worked with developers,” he said.
Privacy experts said Facebook users likely didn’t know
how their data was being shared. “I don’t think anyone would have a reasonable
understanding of how widespread this was,” said David Vladeck, director of the
Federal Trade Commission’s Consumer Protection Bureau from 2009 until 2013 and
now a professor at Georgetown Law.
Mr. Vladeck said any deals made after 2012 could draw
scrutiny about whether Facebook was in violation of its settlement that year
with the FTC, under which the company is required to give the social network’s
users clear and prominent notice and obtain their express consent before
sharing their information beyond their privacy settings. Facebook said Friday
it hasn’t violated the settlement.
The revelations come as Facebook is dealing with the
fallout in March related to the use of personal data by Cambridge Analytica, a
political analytics firm that aided President Donald Trump’s 2016 presidential
campaign and purchased data on 87 million users from another developer. The
crisis sparked questions about Facebook’s lax oversight of its platform, an FTC
probe into whether the company violated the 2012 settlement and two
congressional appearances by Facebook Chief Executive Mark Zuckerberg in April.
In his testimony before Congress, Mr. Zuckerberg said
Facebook moved to eliminate broad access to information about users’ friends in
2014. Developers had until May 2015 to comply with the rules. The move was a
harsh blow to developers, forcing a number of apps to shut down without access
to the data. Others had to find workaround solutions to continue operating.
One developer, Six4Three LLC, sued Facebook in 2015,
alleging that Facebook’s data policies were anticompetitive and favored certain
companies over others. One court document that was originally redacted alleges
that Facebook employees discussed whitelist agreements with various companies.
Facebook says the Six4Three lawsuit is without merit.
On Friday, Facebook acknowledged that a subset of
companies were given extensions beyond May 2015.
“As we were winding down over the year, there was a small
number of companies that asked for short-term extensions, and that, we worked
through with them,” Facebook’s Mr. Archibong said. “But other than that, things
were shut down.”
Facebook’s relationships to outside developers have
shifted over time as it made key adjustments to how it shares data.
In 2007, Facebook started allowing developers to tap its so-called
social graph, including crucial information about a user’s friends. Unlike
advertisers, developers didn’t have to pay for this information, giving rise to
a new generation of startups built on social connections.
This arrangement also made Facebook increasingly central
to its users’ daily lives, despite objections from privacy groups and some
users about potential abuses of that data. By 2014, developers could access
about 30 different data points about users’ friends, including places they checked
into, education history and religious and political affiliation.
Early on, Facebook brokered special deals with certain
companies, some people with knowledge of the deals said. “Ninety-nine percent
of developers were treated the same, but 1% got special treatment because they
accounted for all the value of the platform,” one former Facebook employee
said, referring to popular apps and services that attracted users.
Eventually, Facebook set up internal teams dedicated to
brokering and developing customized data deals.
After Facebook said it would restrict outsiders’ access
to user data, several companies approached it about gaining continued access.
One granted an extension was Royal Bank of Canada, which created an app that
allowed RBC users to send money to one another—similar to Venmo, a startup now
owned by PayPal Inc. RBC was granted a six-month extension after the May 2015
deadline Facebook imposed on developers when it shut off data access, an RBC
spokesman said.
“We take seriously our responsibility to protect customer
privacy and we do not share individual client information with Facebook or
other advertisers,” the spokesman said.
Nuance Communications, based in Burlington, Mass., was
given a six-month extension to continue accessing user data—specifically for a
special news feed it had built on behalf of client Fiat Chrysler Automobiles
NV, according to a person familiar with the matter. The company signed a
nondisclosure agreement in return for the additional access, this person said.
A spokeswoman for Nuance and a spokesman for Fiat
declined to comment.
Separately, some of the data-sharing arrangements with
device makers also involved broad access to information about users’ friends.
This access persisted until as late as this year. Facebook
said it is winding down those deals, some details of which were reported by the
New York Times earlier this week.
A 2012 agreement with Apple Inc. allowed iPhone users to
sync their contacts with their Facebook friends list and import their friends’
phone numbers—a data point that wasn’t available to most developers who plugged
into the Facebook platform, according to people familiar with the matter. The
personal contact information was kept on users’ devices and Apple didn’t gain
access to any of that personal data, an Apple spokesman said.
Microsoft Corp. struck a device deal with Facebook
shortly after the software giant invested $240 million in Facebook ahead of its
2012 initial public offering, according to people familiar with the matter.
Microsoft often fed that data into its Bing search
engine, allowing users to search Facebook posts of friends, for example, a
feature that wasn’t available on the platform more broadly. That access ended
in 2016—well after other developers were restricted, according to a person
familiar with the matter.
Facebook said the Apple and Microsoft partnerships were
part of the company’s effort to re-create the Facebook experience across
different devices and operating systems.
—Vipal Monga, Eliot Brown and Tripp Mickle contributed to
this article.
Comments
Post a Comment