A partnership between Netflix and Facebook reportedly gave the on-demand video streaming giant the ability to read, write, and delete users’ private Facebook messages — something it denies ever exploiting, or asking for in the first place.
From 2014 to 2015, Netflix had a feature that let its users recommend shows and movies to their Facebook friends using Facebook’s Messenger function, a recent New York Times report alleges. Because of this feature, Netflix was one of three companies (the other two are Spotify and the Royal Bank of Canada) Facebook granted a heightened level of access to users’ data.
The report is based on hundreds of internal Facebook documents generated by Facebook in 2017 and obtained by the Times. It further alleges that Facebook engaged in data-sharing deals that benefited more than 150 companies by giving out users’ data (but Netflix, Spotify, and the Royal Bank of Canada were the only ones to receive such a staggering depth of access).
Netflix told the Times that it “would never” read, write, or delete users’ personal Facebook messages. Both it and Spotify said they weren’t even aware of the scope of their Messenger abilities.
In a further statement, a Netflix spokesperson said, per Variety, “At no time did we access people’s private messages on Facebook, or ask for the ability to do so. Over the years we have tried various ways to make Netflix more social. [The Facebook recommendation service] was never that popular, so we shut the feature down in 2015.”
Netflix also reiterated that statement to its Twitter followers — with a cheeky tone some followers seem to think belies the severity of the situation. Not to mention it’s in contrast to a few of the company’s previous marketing campaigns…
— Blake Montgomery 💀 (@blakersdozen) December 19, 2018
The feature that apparently hooked up Spotify with Facebook users’ data (it’s similar to Netflix’s — people can recommend music tracks to friends) is still up and running.
As for Facebook’s response, its director of developer platforms and programs Konstantinos Papamiltiadis wrote a blog post — called Let’s Clear Up a Few Things About Facebook’s Partners — saying Facebook has “no evidence that data was used or misused.”
“Our integration partners had to get authorization from people,” Papamiltiadis said. “You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner.”
But part of what the Times report reveals is that Facebook may have granted companies deeper access to data beyond what even users who gave authorization by knowingly signing in with Facebook realized. As Variety notes, it’s possible Facebook’s actions with Netflix, Spotify, and others violated its 2012 settlement with the Federal Trade Commission (FTC).
The FTC settlement is from a prior round of Facebook’s frequently recurring data privacy problems, and its terms require that Facebook give its users “clear and prominent notice” of what’s going on with their data. It also says users must give “their express consent before sharing their information beyond their privacy settings.”
“To be clear,” Papamiltiadis wrote in Facebook’s response blog, “none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.”
Facebook has dealt with data privacy issues pretty much from day one, but it’s been under ever-increasing scrutiny since the 2016 election and the revelation that Cambridge Analytica, a data miner with ties to the Donald Trump campaign, harvested data from more than 50 million Facebook profiles without users’ permission.
After what happened with Cambridge Analytica went public, Facebook changed its terms of service to make them clearer for users, and cofounder and CEO Mark Zuckerberg faced a Congressional hearing (as did execs from Twitter and Google) to explain how third parties can access Facebook users’ data. During his hearing, he trotted out the same line as Papamiltiadis, saying users have to give permission before Facebook can do anything with their data.
Photo by Anthony Quintano