Facebook's Latest Data Lapse Draws Critique From LawmakersBy , , and
The social network argues against claims in the New York Times
Facebook says sharing is intended to help devices with its app
Facebook Inc. is disputing a New York Times report about how it shares data with device makers from Apple and Amazon to Samsung. But U.S. lawmakers were skeptical and demanded more accountability for Facebook’s frequent privacy lapses.
“Sure looks like Zuckerberg lied to Congress about whether users have ‘complete control’ over who sees our data on Facebook," Representative David Cicilline of Rhode Island, the top Democrat on a House subcommittee overseeing antitrust issues, wrote on Twitter, referring to the Facebook CEO. “This needs to be investigated and the people responsible need to be held accountable."
The New York Times reported Facebook had struck deals with device manufacturers that allowed them full access to information on users and their friends. But the company contends those pacts were intended to help device makers create their own versions of Facebook apps, and the data mostly remained on phones that accessed it. That kind of arrangement was necessary before phone operating systems relied on app stores, it added.
It seemed like one more damning revelation as Facebook and other internet companies are grappling with a global backlash over the extent to which they hoover up and handle user data. The New York Times said the vast amounts of information shared with Apple Inc. and other phone-makers included data on users’ friends that had supposedly barred access. The report raised questions about whether Chief Executive Officer Mark Zuckerberg misled Congress in testimony earlier this year, and whether the company was in violation of its decree with the Federal Trade Commission to obtain consent from users about how their information is shared.
The revelations are “a troubling reminder that the expectations tech companies set for consumer protection sometimes differ from what is actually delivered,” a spokeswoman for the House Energy and Commerce Committee, which oversees several tech issues and questioned Zuckerberg in April, said.
The committee’s top Democrat, Representative Frank Pallone of New Jersey, said “the Federal Trade Commission must conduct a full review to determine if the consent decree was violated,” and that “Facebook and other data collectors, including these device manufacturers, should be prepared to come before Congress.”
The FTC, which is the lead U.S. agency for enforcing companies’ adherence to their own privacy policies, declined to comment, but the agency is already examining Facebook’s compliance with a 2011 consent decree in the Cambridge Analytica case. The FTC could fine the company into the millions of dollars if it finds a violation.
Facebook said it had begun dismantling pacts with device makers dating back as far as a decade -- when the social network was rarely directly installed on phones. Hardware manufacturers used Facebook’s software tools to allow their own users to access contacts or post photos to their profiles, among other things, the company said in a blog post.
“There were no app stores at the time and this was the only way to make our product work on their devices. We tightly controlled these APIs from the get-go,” Ime Archibong, Facebook’s vice president of product partnerships, said in an interview. “These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences.”
Archibong said Facebook approved each of the experiences that were built, and that they worked differently to its public, platform APIs. The company has since terminated 22 partnerships with device makers, he added.
European lawmakers also voiced their concerns. Andrea Jelinek, who’s in charge of policing the European Union’s data privacy law, said in an interview that regulators on the continent intend to examine the reports.
Separately, Hamburg privacy regulator Johannes Caspar described the reports as “absolutely alarming.”
“It’s high time to stop any illegal practices of Facebook especially transferring user data to third parties," he said by email. “The sharing of highly sensitive data of non-consenting users with device manufacturers is an unprecedented violation of privacy laws and user trust. This is exactly one of the scenarios why GDPR was brought into force."
GDPR is the European Union’s stringent regime governing how data collectors gather and use its citizens’ information. It took effect last month.
Facebook’s share price plunged 10 percent in March after the Cambridge Analytica scandal erupted. Since then, it’s not only recovered, but on Friday closed at a record $193.99. Shares of Facebook were down less than 1 percent to $193. 42 at 3:00 p.m. in New York.
Facebook is retooling its approach amid a global consumer and regulatory backlash. Critics accuse its news feed algorithm of spreading misinformation and terrorism content among 2 billion-plus users. Lax policies around sharing data with third parties led to the leak of information to consultancy Cambridge Analytica, which worked on successful Republican campaigns, including that of President Donald Trump.
An app developer gave information on up to 87 million Facebook users to Cambridge Analytica mostly without their permission, setting off an uproar over data privacy. That developer was able to make the deal with the firm because the data was stored on his servers. Facebook said that in the device partnerships described by the New York Times, personal data was mostly processed on users’ phones.
Facebook however doesn’t view device makers as outsiders -- allowing them deeper access, the New York Times reported. It said it discovered some device partners could retrieve users’ relationship status, religion, political leanings and upcoming events, among other things.
“We’re not aware of any people’s information being misused by these companies,” Archibong said.
Roger McNamee, the Facebook investor who is now one of the company’s top critics, said that while the program may have restricted device-makers’ access to Facebook users’ data, Facebook may not be fully aware of what was done with the data and some people may still have misused it.
"We have to allow for the possibility that abuse has occurred," he said.
— With assistance by Naomi Nix, and David McLaughlin