Update at 15:42 pm: Netflix’s statement to MediaNama said:

“Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so.”


Earlier at 11:48 am: Internal documents from Facebook reveal that it gave access to users’ personal data to several of the world’s largest technology companies, exempting them from its privacy rules. The development was reported by the New York Times.

  • Facebook allowed Microsoft’s Bing search engine to see the names of all Facebook users’ friends without consent
  • It allowed Spotify, Netflix, and Royal Bank of Canada to read, write and delete Facebook users’ private messages
  • It let Amazon access users’ names and contact information through their friends (via contact lists from partners)
  • It let Yahoo view streams of friends’ posts
  • Sony, Microsoft, Amazon and others could obtain users’ email addresses through their friends, as recently as 2017
  • Apple devices had access to contact numbers and calendar entries of users who had disabled such sharing

The deals described in the documents show that over 150 companies, most of which were tech businesses, benefitted from the partnerships, along with some media organizations and online retailers. All the deals were active as recently as 2017, while the oldest deal dates back to 2011. The partnerships sought the data of “hundreds of millions of people” every month.

The publication accessed 270 pages of internal documents and interviewed 50 former Facebook employees and corporate partners. The new developments raise questions about whether Facebook violated the 2011 consent agreement it signed with the US Federal Trade Commission. The agreement barred the social media giant from sharing user data without explicit consent and permission.

Facebook denies that deals violated user privacy

Facebook’s director of privacy and public policy, Steve Satterfield told NYT that none of the partnerships violated users’ privacy or the FTC agreement. According to him, the deals required the companies to abide by Facebook policies. Most of the partnerships did not require Facebook to secure users’ consent before sharing the data, since Facebook considered the partners as extensions of itself, said Satterfield. Facebook considered them as service providers which allowed users to interact with their Facebook friends.

  • A Facebook spokesperson also told NYT that it found no evidence of abuse by its partners.
  • However, Facebook did acknowledge that it “mismanaged” some of its partnerships, and allowed some companies prolonged access to user data, after it had shut down such features.

Tech giants who signed deals say data was used ‘appropriately’

Amazon, Microsoft and Yahoo claimed that they had used the data appropriately, at the same time, declining to details of the deals.

Also read: Saavn among companies that got extended access to Facebook user data


Read our coverage of Facebook’s privacy concerns here: