More than 150 companies reportedly benefited from “special arrangements” with Facebook for data access, despite assertions by the social network that users had full control of where their data went. Citing hundreds of pages of internal documents, The New York Times reports the deals involved the “data of hundreds of millions of people a month,” and were all active in 2017. Some were said to still be active in 2018. The partners reportedly had access to swaths of data: Search engine Bing was reportedly permitted to see “the names of virtually all Facebook users’ friends without consent”; Spotify, Netflix, and the Royal Bank of Canada were said to be able to read, write, and delete users’ private messages. The Times also reports that Russian search engine Yandex had access to “Facebook’s unique user IDs” in 2017. The Moscow-based company told the newspaper it has never been audited by Facebook.
These reported data deals raise concerns about Facebook’s 2011 consent agreement with the Federal Trade Commission, which banned the social-media giant from giving access to user data “without explicit permission.” Facebook’s director of privacy, Steve Satterfield, told the Times the deals did not violate the FTC deal because Facebook “considered the partners extensions of itself,” and therefore did not need permission. A Facebook spokeswoman also told the newspaper the social network found “no evidence of abuse by its partners.” The damning report adds to several recent revelations of Facebook as a disinformation peddler and a personal data clearinghouse.