A report from The New York Times
has accused Facebook of sharing inappropriate amounts of user data with
device manufacturers like Apple, Microsoft, Samsung, and BlackBerry.
Starting 10 years ago, Facebook began making deals with
these companies to help them build Facebook apps for their phones and
tablets and integrate Facebook functionality into their operating
systems. (For example, letting users share photos with Facebook friends
without directly visiting Facebook’s app or website.) In order for these
integrations to function, Facebook gave these companies access to user
data through so-called private APIs. The Times suggests that
the level of access given to companies raises concerns about Facebook’s
compliance with FTC privacy legislation. Facebook rejects this claim and says its deals were “tightly” controlled and above board.
The Times’ story includes one example of how
these private APIs share data. Using a 2013 BlackBerry smartphone, a
reporter used his Facebook account to log on to BlackBerry’s proprietary
Hub software, which combines social network feeds with messaging and
email. After this, BlackBerry’s software was able to retrieve not only
data about the reporter’s 556 Facebook friends (including relationship
statuses and religious and political leanings) but also “identifying
information” belonging to nearly 300,000 friends of the reporter’s
friends.
The Times notes that this level of data sharing
is against Facebook’s current privacy policy, which only allows
third-party apps to request the names of users’ friends. The report says
that Facebook made similar deals with “at least 60 device makers,” but
it is not clear what level of data access was agreed on in each case.
Facebook’s core defense here is that these were necessary
deals, and when users logged on to device makers’ apps or services,
they were able to consent (or not) to share their data. However, as the Times notes, there are similarities between these agreements and the Cambridge Analytica scandal,
which revealed how third-party developers were taking advantage of
Facebook’s loose privacy policies to siphon huge amounts of data from
the company’s platform.
Facebook says the two situations are “very different,”
and indeed, sharing personal data with fly-by-night developers or
marketing firms is not the same as sharing it with big tech companies.
The latter have the resources to protect the information, can be held
accountable if they abuse it, and don’t make money (primarily anyway)
from leveraging user data.
However, what the Cambridge Analytica scandal really
revealed was how today’s digital ecosystem is built on the relatively
free exchange of personal information, and how easy it is for tech
companies to fudge the concept of user “consent” by getting people to
agree to share data without actually understanding what it is they’re
agreeing to. In the case of Facebook’s deals with device makers, it’s
fair to ask whether users who logged in to BlackBerry’s Hub software,
for example, really knew how their information was going to be shared
and used. And while Facebook says that it’s now shutting down
these partnerships (22 have been ended and an unknown number remain),
it’s clear that the company’s preeminent position in the industry was
partly built on these sorts of agreements.
When Facebook’s CEO Mark Zuckerberg appeared before
Congress in March, he stressed that the company gives users complete
control over their data and what happens to it. “Every piece of content
that you share on Facebook you own,” said Zuckerberg. ”You have complete
control over who sees it and how you share it.”
But Facebook’s deals with device manufacturers — even if
they are a common practice — show that “complete control” doesn’t
necessarily mean complete understanding.
No comments:
Post a Comment