Facebook has acknowledged allowing other companies, namely Spotify and Netflix, to access millions of people’s private messages.
Responding to a bombshell New York Times report from Tuesday on how Facebook shared user data with partners over the years, the company said it had given third-party companies extensive access to messages.
It said this was so people could log in to services such as Spotify with their Facebook account and then send messages through the Spotify app.
The company wrote in a blog post:
“Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.”
Citing internal Facebook documents, The Times said Spotify could see the messages of more than 70 million Facebook users a month. The Times reported that Spotify, Netflix, and the Royal Bank of Canada could read, write, and even delete people’s messages.
Both Spotify and Netflix, however, told The Times they were unaware they had this kind of broad access. Facebook told The Times it found no evidence of abuse. Netflix told Business Insider it didn’t access anyone’s messages.
“Over the years we have tried various ways to make Netflix more social,” a spokeswoman said. “One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook or ask for the ability to do so.”
That Facebook would have deep integrations with third-party partners is not necessarily surprising, as the company’s former privacy chief Alex Stamos pointed out. That can signal a healthy, interoperable ecosystem.
“I’m sorry, but allowing for 3rd party clients is the kind of pro-competition move we want to see from dominant platforms,” Stamos tweeted on Wednesday. “For ex, making Gmail only accessible to Android and the Gmail app would be horrible. For the NY Times to try to scandalize this kind of integration is wrong.”
More troubling to observers, however, was any sense that Facebook gave third parties deep access to user data without properly informing users and gaining permission. Many people tend to assume their private messages on social media will stay private.
Former Federal Trade Commission officials told The Times that Facebook’s newly revealed data-sharing agreements probably violated regulatory requirements.
For Facebook, this is the latest in a steady drip of privacy scandals. It is still struggling with the fallout from the Cambridge Analytica scandal in March and fighting regulatory fines. It has disclosed multiple breaches over the past few months, including a significant hack affecting up to 50 million users disclosed in September.