TR Daily Privacy Legislation Urged Over New Facebook Report
Wednesday, December 19, 2018

Privacy Legislation Urged Over New Facebook Report

A report by the “New York Times” that internal Facebook, Inc., documents indicate the social media platform shared user data with other tech firms more extensively than previously revealed — including giving Microsoft Corp.’s Bing search engine access users’ lists of Facebook friends without consent and giving Netflix and Spotify access to the content of users’ private messages — has triggered renewed calls for strong federal privacy legislation and for the Federal Trade Commission to look into the latest revelations and take enforcement action.

In a blog post, Facebook disputed the interpretation of this access by the “New York Times” story issued last night, saying that the information access was about “helping” users.

“First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners. Second, people could have more social experiences — like seeing recommendations from their Facebook friends — on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify,” Konstantinos Papamiltiadis, Facebook’s director–developer platforms and programs said in the blog post.

“To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC,” Mr. Papamiltiadis said.

Facebook and the FTC reached an agreement to settle the FTC’s investigation into alleged privacy violations by the company in 2011, and the agreement was finalized in 2012 (TR Daily, Aug. 10, 2012). The settlement agreement required Facebook to strengthen its privacy policies.

Mr. Papamiltiadis said that “these features” enabled Facebook users to “access their Facebook account on their Windows Phone device”; to get notifications about their Facebook activity while using Safari or other browsers; to consolidate their news feeds across Facebook, Twitter, and other services; to make recommendations about songs on Spotify to friends; to obtain search results “in Bing and elsewhere based on public information their friends shared”; and to “find friends on Facebook by uploading their contacts from email providers like Yahoo.”

“We’ve been public about these features and partnerships over the years because we wanted people to actually use them — and many people did,” he continued.

“But most of these features are now gone. We shut down instant personalization, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April. Still, we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs [application programming interfaces]. We’re already in the process of reviewing all our APIs and the partners who can access them,” he added.

Mr. Papamiltiadis said that over the last several months Facebook has shut down nearly all of the integration partnerships that used the access discussed in the blog post, except for partnerships “with Amazon and Apple, which people continue to find useful and which are covered by active contracts; Tobii, an integration that enables people with ALS to access Facebook; and browser notifications for people who use Alibaba, Mozilla and Opera.”

He said that integration partners only gained access to users’ Facebook information if they signed in with their Facebook accounts to use the integration.

Regarding access to users’ private messages, he said that “people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.”

He acknowledged that Facebook left the APIs for instant personalization, which involved users’ “public information,” in place after shutting down the program.

Sen. Ron Wyden (D., Ore.) today cited the latest Facebook privacy revelations as evidence of the need for “strong privacy legislation,” such as a bill he introduced last month, which authorizes fines and prison sentences for corporate executives “who lie to the government about protecting consumers’ privacy” (TR Daily, Nov. 1).

“Mark Zuckerberg had a lot of chutzpah telling Congress that Americans could control their data, when seemingly every other week Facebook faces a new privacy scandal for abusing our personal information,” Sen. Wyden said, referencing testimony by the Facebook chief executive officer last spring apologizing for, defending, and explaining his company’s data collection and content review practices (TR Daily, April 11).

“Sheryl Sandberg told me that personal privacy is a matter of national security, while we now know that Facebook shared vast amounts of data with Russian and Chinese telecom companies with strong links to their governments. When foreign governments have ready access to Americans’ data, it makes it even easier for them to microtarget us with divisive messages and false content designed to undermine our democracy,” Sen. Wyden added, referencing a more recent Senate Intelligence Committee hearing at which the Facebook’s chief operating officer responded to concerns about election interference on its platform (TR Daily, Sept. 5).

“When companies repeatedly lie to Congress and the American people about what they do with our messages, location, likes and everything else, Congress has a duty to do something about it. I wrote a tough new consumer privacy bill to punish companies — and even put CEOs in jail — if they lie about protecting your privacy. Clearly these people need some skin in the game before they will take Americans’ privacy seriously,” Sen. Wyden added.

Meanwhile, Sen. Richard Blumenthal (D., Conn.) wrote FTC Chairman Joseph J. Simons to ask that the agency “act swiftly to prevent further consumer harm.”

The “New York Times” report “confirms that Facebook violated it[s] consent order with its data-sharing deals, and that those at the very top, including Mark Zuckerberg, were aware of it,” Sen. Blumenthal said. He called on the FTC to pursue “pursuing strong legal remedies and major penalties on behalf of the consumers harmed by Facebook’s conduct.”

“While news of Facebook’s conduct continues to unfold, I am concerned that the FTC seems to be sitting on the sidelines, allowing Facebook and its handpicked auditing companies to vouch for the company. Meanwhile, reporters have aggressively pursued this story and uncovered significant new facts,” Sen. Blumenthal continued.

He said the “New York Times” story painted a “disturbing picture of how Facebook was responsible for the massive data sharing of millions of Americans without their consent. According to the report, Facebook justified its development of data-sharing relationships across a wide range of industries, and including foreign companies like the Russian search giant Yandex, by deliberately misinterpreting a ‘service provider’ exemption in the FTC consent decree, which outlined Facebook’s oversight of third parties. As a result, Facebook thought that it could skirt requirements in the consent decree that Facebook take steps to ‘verify the privacy or security protections that any third party provides’ and ‘obtain the user’s affirmative express consent’ for the sharing of any user’s information.”

Sen. Blumenthal asked for a response from the FTC by Jan. 11.

Responding to the “New York Times” report, Public Knowledge Policy Counsel Charlotte Slaiman said in a statement, “If these allegations are true, Facebook violated users’ trust and likely the FTC’s consent decree.

“Together with the recent revelations from the UK Parliament [TR Daily, Dec. 5], yesterday’s NYTimes story paints a picture that's becoming clearer and clearer: Facebook apparently recognized the very high value of this private user data, traded it freely to curry favor with other powerful tech giants, and may have even withheld data strategically from potential competitors,” Ms. Slaiman continued.

“The FTC should consider this in their current investigation of Facebook, making sure to craft remedies that will protect users’ private personal data as well as fostering competition both on and off the platform. But perhaps more importantly, Congress must take up the issue of the power of digital platforms in the coming year. Americans deserve privacy and competitive markets. The soft touch, self-regulation approach to this industry is far past its expiration date,” she added.

Sarah Miller, chair of Freedom From Facebook, said, “This is a make-or-break moment for the FTC. The flagrancy with which Facebook has flouted its consent decree shows it doesn’t take the agency seriously. The idea that Facebook should be broken up, or never allowed to acquire Instagram and WhatsApp, has gone mainstream. If the FTC wants to be taken seriously again — not only by corporations but by the public, on whose behalf it is expected to work — the FTC can’t allow Facebook’s monopoly to continue to exist.”

Members of the Freedom From Facebook coalition, which was formed earlier this year, include Demand Progress and MoveOn Civic Action (TR Daily, May 21). —Lynn Stanton, [email protected]


Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More