Menu

Topics

Connect

Comments

Want to discuss? Please read our Commenting Policy first.

Facebook says it didn’t violate user privacy. But its definition of ‘permission’ is loose

WATCH: Facebook says it had consent to share users’ data, messages with other companies – Dec 19, 2018

Facebook gave companies such as Apple, Amazon and Yahoo extensive access to users’ personal data, effectively exempting them from the company’s usual privacy rules, according to a New York Times report .

Story continues below advertisement

Facebook enabled partners to offer services that tap into Facebook accounts and features. For example, Spotify was able to offer a feature that lets a user share song lists with his or her Facebook friends. But to do that, Facebook had to give Spotify the user’s list of Facebook friends.

READ MORE: Facebook says it had consent to share users’ data, messages with other tech giants

Facebook says it didn’t violate its users’ privacy in doing any of this. But Facebook has a history of playing fast and loose with the word “permission.” That appears to be the case here, too.

A look at the claims:

Facebook: “To be clear: none of these partnerships or features gave companies access to information without people’s permission.” — from a blog post late Tuesday by Konstantinos Papamiltiadis, the company’s director of developer platforms.

The facts: In this case, the company says that its “integration partners” — such as Amazon, BlackBerry or Microsoft — had to get authorization from people to turn on these features. Users would have done this by using their Facebook account to log in to the other services, which, technically, counted as giving permission. But people may not have realized just what they were granting permission for.

In addition, according to the Times report, Facebook from its early days formed key data-sharing partnerships with companies, sometimes giving them special access to data — without asking for users’ permission.

Story continues below advertisement

WATCH: Facebook under fire for sharing user data

For example, according to the report, the company used contact lists from “partners” such as Amazon, Yahoo and China’s Huawei to suggest potential Facebook friends to users. Facebook argues that its partners are essentially an extension of itself, as service providers, and thus they don’t need to get permission from users as long as they limit data use to providing Facebook-related services.

In all, the report says, more than 150 companies benefited from Facebook’s data-sharing practices. While most were technology companies, there were also automakers and media organizations. Some, the Times notes, were still in effect this year.

Story continues below advertisement

READ MORE: RBC denies report claiming bank had access to Facebook users’ private messages

The permissions issue came up earlier this year, when Facebook was found to have been collecting call and text histories from Android users. The company said at the time that it got permission from users to do this. Nonetheless, many users, including the New Zealand man who discovered the practice after downloading his Facebook data in March, were surprised that the company was logging this data.

READ MORE: Facebook bug may have exposed private photos of up to 6.8 million users

According to internal emails made public as part of a lawsuit , the company was aware that the Android data collection could look bad. A product manager, Michael LeBeau, wrote in a February 2015 email that the permissions feature — which prompted users to grant access to call logs and text-message history — is “a pretty high-risk thing to do from a PR perspective.” But, he added, “the growth team will charge ahead and do it.”

Story continues below advertisement

Facebook: “Nor did they violate our 2012 settlement with the FTC,” or Federal Trade Commission. — from the same blog post.

The facts: As part of the settlement, Facebook is required to obtain people’s “affirmative express consent” before making changes that override their privacy preferences. This could apply to sharing the content of private messages, friends’ lists and other information that Facebook gave its partners access to.

Thus, Facebook’s assertion that most of its data-sharing partnerships were exempted is on shaky ground.

WATCH: Facebook executive grilled in London on fake news, privacy worries; Zuckerberg a no-show

The FTC’s former chief technologist, Ashkan Soltani, and three former employees of its consumer protection division told the Times that the data-sharing deals probably violated the agreement. One said the partnerships seemed to give third parties permission to harvest data without users being informed of it or giving consent.

Story continues below advertisement

Facebook argues that it subjected those partners to its own rules about data use. But the Times report raises questions about how well Facebook managed those partners’ access.

The matter could ultimately be decided by the FTC. The agency said in March it was looking into whether Facebook engaged in unfair acts that might have violated the decree.

Advertisement

You are viewing an Accelerated Mobile Webpage.

View Original Article