Facebook founder Mark Zuckerberg. Photo: Tom Williams/CQ Roll Call via Getty Images
In the latest barrage of Facebook privacy news, a fresh report from the New York Times on Tuesday night suggested that Facebook gave its partners even wider access to more user data (including private messages) for a longer time than previously known — and then, Wednesday, the District of Columbia’s attorney general sued Facebook over a slew of privacy complaints.
Why it matters: Silicon Valley insiders have a pretty thick skin when it comes to how much tech companies know about their users and how much they share with partners. Even still, Tuesday's revelations were a shock.
The Times report found that, among other things:
- Netflix and Spotify had access to users' private messages (Netflix says it never asked for or used the access). It was granted presumably to allow sharing of what media they were consuming, but the access could have allowed far more.
- Microsoft had access, unbeknownst to Facebook users, to see the names of all a user's friends.
- Even as Facebook stopped broadly sharing certain user data with partners. It maintains it allowed not only hardware makers, but also companies like Yahoo and Amazon, expanded access.
- As recently as 2017, Facebook was sharing user data with Yandex, the Russian search service. (Ukraine has accused it of feeding info to the Kremlin.)
The other side: Facebook classified most of these partnerships as "service providers," and maintained the relationships were therefore exempt from rules designed to prevent unauthorized data sharing that Facebook accepted as part of a consent decree with the Federal Trade Commission in 2011. The FTC isn't commenting.
Facebook responded in a blog post last night.
- It said that all the sharing reported by the Times was authorized by individual users who linked apps to Facebook or opted in to its personalization services.
The takeaway: It's not clear that any of the partners misused the data. In many cases it's not even clear they wanted the broad access they received. Rather, Facebook appears so focused on growth that it didn't make the effort to create tools that limited access to specifically what the partners needed.
The big picture: Users have spent much of 2018 trying to weigh whether the benefits of social media — chiefly, maintaining connections with friends — outweigh the privacy cost. But each day fresh evidence piles up in the cost column even as the benefits have held steady.
Yes, but: The saving grace for Facebook remains that there's really no credible alternative with the same scale. The choice is to use Facebook and accept the risks, or miss out on the benefits entirely.
- This need not be the equation forever. At this point, it's not a question of whether many Facebook users wouldn't leap at — and even pay for — an alternative, but rather whether anyone can replicate Facebook's scale and reach.
Our thought bubble: Facebook's FTC settlement was in 2011. That's seven years during which the company was on legal and public notice to watch its step when it comes to protecting user data.
- Everything in this story (on top of all the other issues/stories 2018 has brought us about Facebook's cavalier approach to user data) suggests that Facebook simply did not prioritize protecting users' information over cementing business relationships.