Facebook is again in the eye of a storm after The New York Times reported that many hardware companies were able to access far more data from the profiles of social media users than earlier understood. This was a result of agreements between Facebook and nearly 60 major firms, including Apple, Samsung, Blackberry, HTC and Microsoft. The agreements that were made over a decade allowed the latter to recreate features of the Facebook on their devices. At the same time, for instance, Blackberry was able to access many categories of data, including messages of users, in addition to collecting data about the friends of users and even the friends of their friends. A spokesman for BlackBerry stressed that it "has always been in the business of protecting, not monetizing, customer data."
Facebook refused to produce a full list of device makers with which it had brokered such arrangements. But the company said it phased out its system in April. It acknowledged that the device-makers may have kept data on their servers but said these agreements had been made at a time when it was common for companies, such as those mentioned above, to have customised versions of social media applications. However, Facebook offered no explanation as to why they did not make substantial changes in the data sharing agreements with smartphone companies years ago.
This has again raised questions as to whether Facebook violated a settlement it brokered with the FTC (Federal Trade Commission) in 2011 over another privacy mishap. At the centre of that agreement was a requirement that Facebook be more transparent about the data it collects about its users.
David Vladeck, a former official at the commission, said Facebook may face civil penalties for its activities. According to Vladeck, the penalties may include a “court-ordered monitoring of Facebook’s business practices and injunctions against its handling of consumer’s data, or a heightened monitoring by the FTC.”
Under the 2011 agreement, Facebook is required to obtain permission before sharing a user's private information with a third party in a way that exceeds that user's existing privacy settings. The agreement defines ‘third party’ to include a whole host of other individual entities, potentially like advertisers or app-makers. But it exempts "service provider[s]" who help Facebook carry out basic functions of its site. However, Facebook maintains that companies like Samsung or BlackBerry in such cases are suppliers, not third parties. In a blog post, a company executive also stressed Monday that "friends' information, like photos, was only made accessible on devices when people made a decision to share their information with those friends." Vladeck however said that Facebook had not clarified how it got consent to share the data from users, and even though the smartphone companies may be seen as first parties by Facebook, they were not in the consent decree.
Facebook received a lot of flak around the world over the Cambridge Analytica scandal, where the company was able to gain access to personal information of 87 million people from their Facebook profiles. This information is believed to have been used in campaigns, including in the US Presidential elections and Brexit. The revelation of further dirty tricks employed by Cambridge Analytica as part of its electoral campaigns by its former CEO Alexander Nix further added to the controversy.
Facebook responded with a slew of apologies and Mark Zuckerberg testified before committees of the US House of Representatives and Senate where he took responsibility for the scandal and promised to improve users’ control over information but stopped short of giving any concrete commitments. But stories continue to break of the data of users being compromised in various ways, leading to serious questions of whether the firm is capable of or committed to ensuring the safety of its users’ information.