June 13, 2018
In 2015, Facebook said it ended data sharing of its users’ records with other companies. Now, court documents, company officials and sources reveal that, after that date, Facebook struck so-called whitelist deals to share information with many more companies than previously acknowledged, including Royal Bank of Canada and Nissan Motor, both of which were Facebook advertisers. Among the shared data were phone numbers and the “friend link” that measured degrees of closeness between the targeted user and others in her network.
The Wall Street Journal reports that, “many of these customized deals were separate from Facebook’s data-sharing partnerships with at least 60 device makers, which it disclosed this week.” Facebook said a “small number” of partners “were allowed to access data about a user’s friends after the data was shut off to developers in 2015” and that “many of the extensions lasted weeks and months.”
Facebook vice president of product partnerships Ime Archibong said that, “as we were winding down over the year, there was a small number of companies that asked for short-term extensions, and that, we worked through with them.” “But other than that, things were shut down,” he added.
According to privacy experts, “Facebook users likely didn’t know how their data was being shared.” “I don’t think anyone would have a reasonable understanding of how widespread this was,” said Georgetown Law professor David Vladeck, who directed the Federal Trade Commission’s Consumer Protection Bureau from 2009 until 2013.
He added that, “any deals made after 2012 could draw scrutiny about whether Facebook was in violation of its settlement that year with the FTC, under which the company is required to give the social network’s users clear and prominent notice and obtain their express consent before sharing their information beyond their privacy settings.”
Facebook denies it violated that settlement.
When he appeared before Congress, Facebook chief executive Mark Zuckerberg testified that, “Facebook moved to eliminate broad access to information about users’ friends in 2014,” and that “developers had until May 2015 to comply with the rules.”