The hits just keep on coming for Facebook.
On Tuesday evening, the New York Times published a major new investigation which revealed that a number of large companies and big tech platforms were given access to users’ personal data without their knowledge or consent. The “business partnerships,” which began in 2010 and were all active as recently as 2017, had 150 different businesses sharing and trading user data.
Among the businesses identified were Amazon and Sony, which were able to obtain users’ contact information via their friends. Microsoft’s Bing search engine was also allowed to see information about a Facebook users’ friends. Meanwhile Spotify, Netflix and, crucially, the Royal Bank of Canada were able to read, write and delete users’ private messages.
This isn’t the first time Facebook has forged banking business partnerships. In August, it was reported that the company was partnering with several banks in order to create a new banking feature for Facebook Messenger. Among the financial institutions named were Citigroup, Wells Fargo and JP Morgan Chase. The partnerships would allow Facebook access to an incredible amount of private information, including card transactions and checking account balances.
In a statement at the time, Facebook maintained that the service would be completely opt-in, and that “[the company] is not using this information beyond enabling these types of experiences – not for advertising or anything else.”
But bearing in mind the extent of Facebook’s co-operation with the Royal Bank of Canada (not to mention the 149 other companies), as well as Facebook’s extensive history of privacy mishaps, there is plenty of reason to question how this highly sensitive banking data could be used by the social media giant. Hypothetically, for example, it would be incredibly useful for a predatory payday loan company to identify the Facebook accounts of people who are suffering financially, and target their Facebook feeds with ads.
There’s also the open question of what sort of data the banks would receive back, bearing in mind that many of these institutions have had repeated data breaches and technological issues. In August, for instance, hundreds of Wells Fargo customers had their homes foreclosed due to a computer glitch.
The Royal Bank of Canada has disputed the Times’ story, saying that “RBC’s use of the Facebook platform was limited to the development of a service that enabled clients to facilitate payment transactions to their Facebook friends.” The bank claimed the program started in 2013 and shuttered in 2015.
However, RBC was also named in documents released by the British Houses of Parliament earlier this month, with emails showing that it intended to access the data from users’ friends. In the cache of emails, Zuckerberg also wonders aloud if Facebook can become an “informational bank” by leveraging its massive troves of personal information.
In a statement on Tuesday, Facebook pushed back against the Times story.
“First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo… Second, people could have more social experiences – like seeing recommendations from their Facebook friends – on other popular apps and websites.” Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, wrote in a blog post. “To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.”