Facebook allowed Netflix, Spotify to access private user messages

Gelo Gonzales
Facebook allowed Netflix, Spotify to access private user messages
(UPDATED) A 'New York Times' report details the data-sharing partnerships Facebook has had with other companies

MANILA, Philippines (UPDATED) – The New York Times (NYT) on Wednesday, December 19 (Philippine time), published a story detailing Facebook’s partnerships with various companies that involved the sharing of data in some measure from 2010 all the way up to 2017.

The newspaper reported on 270 pages of internal Facebook documents generated in 2017 and as well as interviews with former employees of Facebook.

Among the companies named in the report were Spotify and Netflix, whose arrangement with Facebook appears to be the most intrusive to a user’s data privacy. The two companies were given the ability to read Facebook users’ private messages. With the privilege, Spotify and Netflix could read, write and delete users’ private messages, and see all participants on a thread.

The privilege had been given so as to allow users the option to share music through Facebook Messenger. Netflix, meanwhile, no longer has access to the messages since they have reportedly deactivated the features that incorporated it. 

Another company, the Royal Bank of Canada, is reported to have the same privilege, but disputed to NYT that they had any such access. Spotify and Netflix, meanwhile, said they were not aware that they had been granted such access. The report says that these companies may have had access to this kind of data up to 2017, but it isn’t clear whether all privileged access has been removed now. 

Netflix responded after publication of the report, offering their own clarification. They said: “Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so.”

Adding to the worry is Facebook’s admission to The Times that it had “mismanaged some of its partnerships, allowing certain companies’ access to continue long after they had shut down the features that required the data.”

Along with Spotify, Netflix and the Royal Bank of Canada, here are the other companies mentioned in the report, along with the scope of data access that Facebook reportedly provided them with:

  • Microsoft’s Bing search engine – allowed to see the names of Facebook users’ friends without consent
  • Amazon – allowed to obtain user names and contact information through their network and friends
  • Yahoo! – allowed to view the posts of a user’s friends “as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.”
  • Huawei, Amazon and Yahoo! – Facebook used contact lists from these companies to “gain deeper insight into people’s relationships and suggest more connections, the records show.”
  • Sony and Microsoft  allowed to obtain users’ email addresses through their friends. The Times notes that Facebook said they discontinued the ability so see a user’s contact information through another friend, but the documents reportedly show that such an ability existed even after Facebook’s pronouncement.
  • The New York Times – The newspaper named itself as one of 9 media companies named in the documents. They disclosed that they had access to users’ friend lists, used for an article-sharing application it had discontinued in 2011. They also said that didn’t obtain any data.
  • Apple – empowered by Facebook to hide indicators that their devices were asking for data. Apple said they were not aware of this. 
  • Pandora, Rotten Tomatoes, and Bing – had access to data used in “instant personalization” feature that used Facebook data to personalize what people saw on their respective platforms. Instant personalization was discontinued in 2014 after policy changes spurred on by the US Federal Trade Commission (FTC) but records reportedly show that the 3 companies still had access to instant personalization data up to late summer 2018. Facebook said that this was a mistake while Pandora and Rotten Tomatoes said they were unaware of the special access. 
  • Russian search giant Yandex – reportedly still “had access in 2017 to Facebook’s unique user IDs even after the social network stopped sharing them with other applications, citing privacy risks.”

The documents give a clearer glimpse at how Facebook handles data and how they may use it to further their goals without necessarily selling the data.

By giving other companies access to some user data Facebook, in exchange, was given space on the other companies’ platforms. This boosted Facebook’s growth, gaining users from the many verticals occupied by what they’ve called “integration partners.” Through the partnerships, Facebook sought to grow its userbase, drive more engagement, and ultimately drive up ad revenues. 

“Facebook has never sold its user data, fearful of user backlash and wary of handing would-be competitors a way to duplicate its most prized asset. Instead, internal documents show, it did the next best thing: granting other companies access to parts of the social network in ways that advanced its own interests,” the NYT wrote. 

Whether or not Facebook will be facing legal action due to these partnerships and the arrangements detailed in the documents, are not yet clear as the FTC continues an ongoing investigation. – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.