Facebook is facing fresh scrutiny over its handling of user data following a report that the social network allowed more than 150 companies access to user information.
The latest accusations suggest that the tech giant gave the likes of Microsoft, Amazon and Spotify far greater access to people’s data than it has previously disclosed – though Facebook has hit back, saying it never gave access to user information without their permission.
Documents obtained by the New York Times claim to show that the social network allowed Microsoft’s search engine Bing to see the names of “virtually all” Facebook users’ friends without consent, while Netflix and Spotify were able to read Facebook users’ private messages.
The report also says Amazon could see users’ names and contact information through their friends and that Yahoo could see friends’ posts as recently as this summer.
Many of the deals ended years ago, but some of the systems used remained in place.
“Facebook’s partners don’t get to ignore people’s privacy settings, and it’s wrong to suggest that they do,” said Steve Satterfield, director of privacy and public policy at Facebook.
“Over the years, we’ve partnered with other companies so people can use Facebook on devices and platforms that we don’t support ourselves.
“Unlike a game, streaming music service, or other third-party app, which offer experiences that are independent of Facebook, these partners can only offer specific Facebook features and are unable to use information for independent purposes.”
Facebook said it has “been public about these features and partnerships over the years” and that most are now gone, but admitted it needed to do more.
In July, Facebook disclosed the names of 61 businesses it gave special rights to access user data after blocking such access more broadly.
“We shut down instant personalisation, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April,” the company said.
“Still, we recognise that we’ve needed tighter management over how partners and developers can access information using our APIs (application programming interface). We’re already in the process of reviewing all our APIs and the partners who can access them.”
Facebook’s instant personalisation feature ran from 2010 to 2014, but some partners still had access as late as 2017.
Facebook admitted that it should not have left the systems in place after it had shut down the feature, but said it had no evidence that the public information obtainable was used or misused.
“We know we’ve got work to do to regain people’s trust,” Mr Satterfield added.
“Protecting people’s information requires stronger teams, better technology, and clearer policies, and that’s where we’ve been focused for most of 2018.
“Partnerships are one area of focus and, as we’ve said, we’re winding down the integration partnerships that were built to help people access Facebook.”
The social network has been under intense pressure over its practices over the last year, following the Cambridge Analytica scandal, a series data breaches and concerns over fake news and other content on the site.