The latest in a series of privacy related breaches from Facebook was exposed by the New York Times on 18 December 2018. Investigations from the paper revealed that Facebook altered its own privacy settings in order to appease other large tech companies. Data was made available Amazon, Microsoft and Netflix among others. Facebook appears to have given different companies varying levels of access to user data through creative application of internal ‘loopholes’. For example, Netflix and Spotify could read and even delete private messages sent through the service, while Apple was able to construct special features that interfaced with the app.
After the investigation was made public, Facebook issued a statement: ‘None of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC’. Furthermore, spokespeople said that the loopholes were actually largely transparent to the end user and in some cases for their benefit. Apple explained that the privileges they were given simply allowed devices to synchronise calendars with Facebook’s event listings. It was claimed that the information never even reached Apple’s servers, simply remaining on individual devices.
However, a number of the companies that were granted special access actually expressed surprise at the extent of rights they were given. Netflix replied to the story by stating that they had neither asked for nor used the ability to read and delete private messages.
The investigation triggered a swift response from the Department for Digital, Culture, Media and Sport as the office said that Facebook had clearly offered preferential treatment for major corporate partners, locking many other companies out of any such privileges. The department also expressed a lack of confidence with regards to Facebook being able to police how such data would be used in light of the Cambridge Analytica breach.
In one of their most recent statements on the issue, Facebook highlighted how many of the most questionable features offered had been removed while emphasising that any of these partnerships required consent from the end user, typically by signing into Facebook through the related app.