Facebook allegedly shared user data with more than 60 device makers — including Apple, Microsoft and Samsung — over the last decade, allowing these corporations access to vast troves of personal information, according to a New York Times report released Sunday evening.
The new report has since sparked backlash among lawmakers on Capitol Hill, who accused Facebook CEO Mark Zuckerberg of lying to them when he testified before Congress in early April.
According to the new report, Facebook repeatedly signed data-sharing deals with smartphone makers, providing device-makers access to popular Facebook features on their phones at a time when the social media giant’s mobile app was still developing, and allowing Facebook to expand its reach.
Those deals gave device makers access to users’ personal information, including their political leanings, relationship status and which upcoming events they planned to attend. Crucially, it also gave device makers access to data about a user’s friend, even if that friend denied Facebook permission to share their data.
“It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission,” Ashkan Soltani, a research and privacy consultant, told the Times.
The report comes hot on the heels of Zuckerberg’s hearings before Congress and the European Parliament over the Cambridge Analytica scandal, where he testified that the social and tech industry should be regulated to a degree, but declined to elaborate on how that should happen. Zuckerberg also refused to provide a concrete “yes” or “no” answer when asked by Rep. Frank Pallone (D-NJ) if Facebook would change its default settings so that users’ data would be protected “to the greatest extent possible,” and notably did not mention anything about Facebook’s contracts with Apple, Google, and other device makers.
That oversight — whether accidental or voluntary — left some lawmakers irate after the Times report dropped on Sunday.
“Sure looks like Zuckerberg lied to Congress about whether users have ‘complete control’ over who sees our data on Facebook,” Rep. David Cicilline (D-RI), the ranking member of the House Judiciary antitrust subcommittee, tweeted. “This needs to be investigated and the people responsible need to be held accountable.”
Sure looks like Zuckerberg lied to Congress about whether users have “complete control” over who sees our data on Facebook. This needs to be investigated and the people responsible need to be held accountable. https://t.co/rshBsxy32G
— David Cicilline (@davidcicilline) June 4, 2018
“It feels a lot like we’ve been here before, @facebook,” Sen. Richard Blumenthal (D-CT) tweeted Monday. “Would you like to revisit your previous statements to Congress about sharing users’ data with third-parties without their consent?”
It feels a lot like we’ve been here before, @facebook. Would you like to revisit your previous statements to Congress about sharing users’ data with third-parties without their consent?
— Richard Blumenthal (@SenBlumenthal) June 4, 2018
In a blog post this week, Ime Archibong, Facebook’s vice president of Product Partnerships pushed back against the criticism, arguing that demand for Facebook necessitated the company working with device makers to deliver the best product they could to as many people as they could.
“All these partnerships were built on a common interest — the desire for people to be able to use Facebook whatever their device or operating system,” Archibong wrote. “Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends.”
The latest revelations place increased pressure on Facebook, which is already facing criticism for its handling of the Cambridge Analytica scandal and is increasingly in the cross-hairs of regulators, both in the United States and in Europe.
In May, the European Union introduced a landmark new piece of legislation called the General Data Protection Regulation (GPDR), which requires corporations to explicitly ask for consent before data collection. Companies that don’t abide by the rules could face fines up to 4 percent of their global revenue — which, in Facebook’s case, could amount to around $1.6 billion dollars.
On Monday, Blumenthal suggested that the company revisit its privacy policies once more and consider drafting a “bill of rights” that would comply with the GPDR.
“Facebook’s secret data sharing partnerships raise urgent new reasons for stronger privacy protections—beginning with a privacy bill of rights modeled on Europe’s new rules (GDPR),” he tweeted.