Facebook is under scrutiny yet again, this time from a news story suggesting it may have some more issues with its 2011 consent decree with the Federal Trade Commission over protecting, or failing to protect, user data privacy. Facebook doesn't think so.
Facebook gave device makers, including Apple but also dozens of others, access to users' data and that of users' friends, according to an investigation by The New York Times, including in some cases even when those friends thought their data settings prevented such sharing by APIs (application programming interfaces), which were used to recreate Facebook-like experiences on various devices. like the Apple iPhone.
Facebook CEO Mark Zuckerberg had talked about users' control of their data when grilled by Congress earlier this year, but the Times cited House Judiciary Regulatory Reform Subcommittee member David Ciccilline (D-R.I.) as saying, "It sure looks like Zuckerberg lied to Congress" when he talked about users having "complete control" over who sees their data.
"Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring [in the consent decree] that it would no longer share such information with outsiders," the newspaper reported.
Facebook has been winding down those partnerships now that IOS and Android have reduced the need to for the APIs, Facebook said.
"In the furor that followed, Facebook’s leaders said that the kind of access exploited by Cambridge in 2014 was cut off by the next year, when Facebook prohibited developers from collecting information from users’ friends," the newspaper reported. "But the company officials did not disclose that Facebook had exempted the makers of cellphones, tablets and other hardware from such restrictions."
Facebook told the paper that the data sharing did not violate its privacy policies, or the FTC consent agreement or its pledges to users. It said contracts strictly limited the use of the data and that it knew of no case of that data being misused.
In a blog post on the NYT story, Facebook's Ime Archibong, VP or product partnerships, essentially said: "Move along, nothing to see here."
He said the partnerships were tightly controlled by Facebook and that the partners had "signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences."
One high profile Democrat suggested more hearings with edge providers should be in the offing. Republicans control the committee calendar, but there is bipartisan agreement that the power of edge providers over consumer data needs a deeper dive. “It’s deeply concerning that Facebook continues to withhold critical details about the information it has and shares with others," said House Energy & Commerce Committee ranking member Frank Pallone (D-N.J.). "This is just the latest example of Facebook only coming forward when forced to do so by a media outlet. Our Committee is also still waiting for a lot of answers from Facebook to questions Mr. Zuckerberg could not or would not answer at our hearing. The Federal Trade Commission must conduct a full review to determine if the consent decree was violated. Facebook and other data collectors, including these device manufacturers, should be prepared to come before Congress so that we can get a better grasp of the entire data collection ecosystem, and how people’s personal information is being shared and used.”
Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) followed up the NYT story with a letter to Zuckerberg demanding some answers about their data-sharing practices, security monitoring and more.