SAN FRANCISCO: Facebook Inc touted itself as championing privacy four years ago when it decided to restrict outsider developers’ access to data about its users’ friends. But confidential documents that have spilled out of a lawsuit filed by a disgruntled developer tell a different story: That Facebook was quietly facilitating the commercial exploitation of user data to bolster its bottom line. And more evidence of Facebook’s marketing of user data may be exposed any day if a member of the UK’s Parliament goes ahead with his promise to release a trove of sealed documents from a US court case.
Facebook hasn’t disputed the authenticity of some records that have already been pried loose by the media but contends that its court foe, the maker of a now-defunct app for finding photos of friends in bikinis, has mischaracterised the information to sensationalise the lawsuit.
Four takeaways from what’s come out so far:
We don’t sell data
Chief Executive Officer Mark Zuckerberg said “No, of course not” in a 2009 media interview when asked if his company would ever sell user data — and told Congress in April, “I can’t be clearer on this topic: We don’t sell data.” But a document from the sealed court files suggests that while Facebook was ramping up its mobile-advertising business, it considered selectively making the data available to companies that paid for ads. In an email exchange, an unidentified Facebook employee talks about cutting off “all apps that don’t spend … at least US$250k a year to maintain access to the data.”
Facebook confirmed the discussions about charging for data, but told the Wall Street Journal the company ultimately decided against it.
Violation of FTC settlement?
Another no-no for Facebook is sharing private user data without the permission of users — one of the conditions of the company’s 2011 settlement with the Federal Trade Commission over claims that it deceived consumers about privacy promises. But memos and emails from 2012 to 2014 revealed by the maker of the bikini photo app, Six4Three LLC, call into question Facebook’s compliance with that accord. In a note from 2012, a Facebook vice president said that after discussions with Zuckerberg, the company would require “platform partners agree to data reciprocity” — which Six4Three interprets to mean the company sought to leverage access to its Graph API data.
Facebook rejects allegations that it violated the consent decree.
‘Whitelist’ from Amazon to Tinder
Facebook officially cut off outsider access to friends’ data in 2015, but some companies got special deals that kept the data flowing. Those agreements, dubbed “whitelists” by Facebook, are detailed in the court records. Among the companies that had — or were negotiating — custom-made arrangements: Amazon.com Inc., Royal Bank of Canada, Nissan Motor Co, Lyft Inc, Airbnb Inc, Fiat Chrysler Automobiles NV, Tinder LLC, GoDaddy Inc and Netflix Inc.
Facebook told the Washington Post that Amazon maintained access to Facebook user data because it was an “integration partner” that hosted Facebook apps on its hardware, not only an app developer. Facebook said none of the companies mentioned in the documents besides Amazon continued to have data access after 2015.
Russia-linked harvesting activity
In the wake of the Cambridge Analytica scandal, Facebook has said it was unaware that Russian-linked entities had tapped into its user data until after the 2016 election. But the head of a committee of British lawmakers investigating the impact of fake news said in November that an internal email shows the company knew about Russian data harvesting activity as early as October 2014.
Facebook said that the document cited by Member of Parliament Damian Collins was taken out of context. “The engineers who had flagged these initial concerns subsequently looked into this further and found no evidence of specific Russian activity,” the company said.