Just about 24 hours ago, we published a story recapping Facebook's terrible 2018. But the year isn't over, and it looks like the drama is going to continue until the bitter end. According to an investigation by The New York Times that cites interviews with more than 60 people, including former Facebook employees, the company gave Amazon, Microsoft, Netflix, Spotify and other tech firms far greater access to user data than previously disclosed. Earlier this month, the paper reported how some of these companies were receiving favored access to people's information, but we didn't know it was allegedly giving certain ones the ability to read, write and delete private messages.
The data sharing was so deep that even Facebook's business partners were surprised by it: Spotify said it was unaware of this special access while Netflix claims it never checked people's private messages on Facebook nor did it ever "ask for the ability to do so." Apple, meanwhile, was white-listed to view users' phone numbers and calendar entries, but it said it was not aware of this special access. In a blog post last night, titled "Let's Clear Up a Few Things About Facebook's Partners," Facebook said these data-sharing partnerships were about two things:
"First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners.
Second, people could have more social experiences -- like seeing recommendations from their Facebook friends -- on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify."
The biggest issue with Facebook, which hasn't responded to our request for comment, is that it always waits until after a bombshell to clarify its policies -- that's how it got into this mess to begin with. And if we were already questioning why anyone should trust Facebook with their data, especially after what happened with Cambridge Analytica, this latest story is the clearest example yet of why people shouldn't. That's saying a lot, too, considering that it seems like every week there's new information about how Facebook mishandles user data.
This is also going to draw additional questions from lawmakers in the US, who are already deeply concerned with how Facebook operates and are pushing for stronger federal oversight. Under the 2011 Federal Trade Commission consent decree, Facebook agreed to get authorization from users before sharing any of their data as well as to notify them in the event of any unauthorized access. Facebook says that "none of these partnerships or features gave companies access to information without people's permission."
But while users may have willingly connected their Facebook account with Spotify or Netflix, that doesn't mean they knew those apps were going to be able to read their private messages. Even if Facebook's partners claim they didn't take advantage of such special access, the company needs to do a better job of making sure its policies and terms of service are easier for everyone to understand.
In November, after a damning exposé from The NYT that detailed the company's efforts to contain, deny and deflect negative stories, I asked Facebook CEO Mark Zuckerberg during a call with reporters why people should continue to trust the company with their data. "I think people want to be able to trust our intention and that we're going to learn and get stuff right," he said. "I don't think anyone expects every company to get everything right the first time, but I think people expect companies to learn and to not continue making the same mistake and to improve and learn quickly once you are aware of issues."
These are "complicated issues" the company faces, Zuckerberg added, noting that Facebook has a three-year project in place that's designed to solve its security and privacy problems. "We're committed to getting this right and continuing to make progress on this," he said. "And over time, I think that that's why people will trust us, because we're going to get to the point where -- if we're not already -- we will be the best at this."
At this point, though, it's almost impossible to give Facebook the benefit of the doubt. People's real and sensitive private information is at stake. And with governments all over the world already looking to enforce tougher regulations, if these types of incidents keep happening, Facebook is in for a rude awakening in 2019.