Facebook denies any breach has occurred

Facebook is rejecting claims that it has breached privacy pledges made to its users and US regulator, Federal Trade Commission(FTC), after the unearthing of its data-sharing practices with device manufacturers.

The 2011 consent decree by the FTC barred Facebook from granting other companies access to the users’ friend’s data without their explicit consent. It seems that Facebook has allowed these restrictions to be bypassed enabling device manufacturers wide-ranging access to this personal data. This access that Facebook allowed to device manufacturers is highlighting concerns over its compliance with the decree.

How’s this happened

Over the last 10 years in a bid to establish itself as the leading social media service, Facebook formed data-sharing partnerships with at least 60 device manufacturers including Apple, Samsung, Amazon, Blackberry and Microsoft. This meant that these companies had open access through private data channels to personal data of Facebook users and their friends.

These partnerships enabled Facebook to spread. Facebook data was spread through mobile devices, televisions and game consoles among other systems all under third-party control.

The device manufacturers could access personal information even after Facebook had informed users that it would not share personal information with third parties without prior user consent. Furthermore, the companies could access personal information of users’ friends who believed they had prohibited any data sharing by denying Facebook permission to share their information with any third parties.

Facebook has reduced these partnerships by 22

Since April Facebook has been reducing these partnerships but many remain. Faced with the aftermath of the Cambridge Analytica scandal where personal data of 87 million users was exploited, Facebook has barred developers from collecting such information from users and users’ friends. However, Facebook kept quiet about the fact that device manufacturers (of phones, tablets and hardware) were exempt from this ban.

Facebook believes the data sharing is in line with its privacy policy as the partnerships were/are under strict contracts limiting the use of the data and that the data has not been exploited.

“The device partners can use Facebook data only to provide versions of “the Facebook experience,” said Facebook officials.

However, it has been shown that some partners can access sensitive personal data of users including religion, political opinions and relationship status.

At Congress, earlier this year Mark Zuckerberg stressed that every piece of content that its users share on Facebook is their own and that the user has complete control over who sees it and how it is shared.

Flagged internally as a privacy issue

These partnerships show a different reality. Even internally this practice was highlighted as concerning and a privacy issue.

Mr Parakilas, who until 2012 headed up third-party advertising and privacy compliance at Facebook said, “This was flagged internally as a privacy issue.” He continued, “It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled.”

A recent test on a Blackberry device using an app called “The Hub” demonstrates how data can be harvested. A Facebook user with approximately 550 friends was able to collect personal data from 556 of his friends including sensitive personal data like religion and political opinions. Additionally, personally identifiable data of 294.258 friends of his Facebook friends were also obtained.

What did the device manufacturers have to say


Apple relied on access to data for features that enabled users to post photos to the social platform without having to open the Facebook app, among other things. Apple says Since September last year its phones no longer have access to Facebook data.


Blackberry only used data to give its customers access to their Facebook networks and messages.


Microsoft uses the data to enable devices to do things like add contacts and friends and receive notifications.


Declined to respond


Declined to respond

How about Facebook

Facebook does not believe it has violated the decree as it categorises the device manufacturers (hardware partners) as “service providers” and they do not need to seek permission to share users’ friend data with service providers.

A Facebook official stated, “These contracts and partnerships are entirely consistent with Facebook’s F.T.C. consent decree.”

What does this mean for Facebook users

As it stands, it seems Facebook users are unable to track which device manufacturers can access their data as this is also dependent on all the devices that their Facebook friends use. Unfortunately, it appears that some manufacturers are able to override the restrictions that users apply, such as applying settings that prohibit third-party apps from collecting their data. So, currently if you want to be certain that no device manufacturer is accessing your data when using Facebook, the options available are: do not use the social media platform at all (delete it!) or set all sharing settings to private which means friends will be out of the loop too -can’t share with them either which defeats the purpose of the service-doesn’t it?


The New York Times

BBC News: https://www.bbc.co.uk/news/technology-44355560