×

Netflix Says It Never Accessed Facebook Users’ Private Messages

Netflix had technical access to read — and even delete — personal messages of Facebook users who opted in to its now-defunct social-sharing integration with Facebook. But Netflix says it never exploited that ability.

According to a New York Times report based on internal Facebook documents, the social giant granted more than 150 partners special access to data on millions of users, with privileges beyond what Facebook has previously disclosed. That included giving three companies — Netflix, Spotify and the Royal Bank of Canada — the ability to read, write and delete users’ messages and view all participants on a message thread, per the report.

Facebook said that by necessity, it had enabled read/write/delete access for those partners to Messenger accounts of users who had opted-in to the features in order to make those integrations possible. Facebook also said that those features have been discontinued.

In 2014 Netflix introduced a feature that let members recommend TV shows and movies to their Facebook friends via Facebook Messenger or Netflix. According to Netflix, it had access to the friends’ lists of members who chose to use the feature, but it never accessed (or requested access to) anyone’s actual messages.

“At no time did we access people’s private messages on Facebook, or ask for the ability to do so,” a Netflix spokesman said in a statement. “Over the years we have tried various ways to make Netflix more social. [The Facebook integration] was never that popular so we shut the feature down in 2015.”

Spotify claimed it was unaware that it had the ability to access Facebook messages; RBC denied it had any access to private Facebook messages.

Facebook asserted that none of the partnerships or features that were detailed in the Times report gave companies access to information without users’ permission. “Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner,” Konstantinos Papamiltiadis, Facebook’s director of developer platforms and programs, wrote in a blog post Wednesday in response to the NYT report.

Regarding access to its messaging functions, Facebook said users had to explicitly sign in to Facebook to use a partner’s messaging feature. That let them send and receive messages without leaving the partner’s app. “Our API provided partners with access to the person’s messages in order to power this type of feature,” Papamiltiadis wrote.

Facebook has “no evidence that data was used or misused,” Papamiltiadis wrote, but he acknowledged the company left access to APIs in place even after it ended some of its integration partnerships. Those included agreements with Yahoo, the New York Times and Yandex, a Russian search engine, according to the Times report. Facebook has needed “tighter management over how partners and developers can access information using our APIs,” the exec wrote. “We’re already in the process of reviewing all our APIs and the partners who can access them.”

The exceptional level of access Facebook granted certain business partners — even if those partners didn’t actually abuse those privileges in a way that violated users’ privacy — led critics to suggest that the deals ran afoul of Facebook’s FTC agreement approved in 2012. Under the settlement, Facebook is required to give consumers “clear and prominent notice” and must obtain “their express consent before sharing their information beyond their privacy settings.”

Facebook insisted the partnerships in question did not violate the FTC settlement, claiming partner companies like Netflix and Spotify were “service providers” that used data only for the purposes of providing feature extensions to Facebook.

Critics charged that the latest revelations about Facebook’s business practices with respect to user data demonstrate that it operates in a monopoly-like fashion and can’t be trusted to safeguard consumer information.

“We have to seriously challenge the claim by Facebook that they are not selling user data,” British lawmaker Damian Collins, chairman of the U.K. Parliament’s Digital, Culture, Media and Sport Committee, said in a statement Wednesday. “They may not be letting people take it away by the bucket load, but they do reward companies with access to data that others are denied, if they place a high value on the business they do together. This is just another form of selling.”

According to Facebook, in 2014 it shut down its “instant personalization” features, which had powered search results in Microsoft’s Bing and elsewhere based on info that Facebook users’ friends had shared. Over the last few months, Facebook said, it has terminated almost all of its remaining data-integration partnerships, with a few exceptions: It maintains agreements with Amazon and Apple, “which people continue to find useful and which are covered by active contracts,” Papamiltiadis wrote, as well as Swedish firm Tobii, which sells a product that lets people with ALS access Facebook, and with Alibaba, Mozilla and Opera for browser notifications.

Scrutiny over Facebook’s data-management practices kicked into high gear after the news earlier this year that info on up to 87 million Facebook users was misappropriated by Cambridge Analytica, a data consultancy that was used by Donald Trump’s 2016 election campaign. The Cambridge Analytica scandal, along with evidence of Russian misuse of Facebook’s platform to attempt to influence the 2016 election, led to CEO Mark Zuckerberg’s testifying before congressional committees.

In early December, Collins’ U.K. parliamentary committee released a 250-page report, which included numerous internal company emails, detailing how Facebook granted favored partners including Netflix “whitelist” access to user info while it blocked rivals from accessing its data. Facebook said the documents, obtained through an app developer’s 2015 lawsuit against the company, were “cherry-picked” and lacked context.

And Facebook has disclosed several security breaches and vulnerabilities that exposed user data in recent months. In September, Facebook announced the biggest hack in its history after it discovered a security hole had compromised up to 50 million user accounts. The company later said hackers had successfully accessed data from 29 million Facebook members.

Popular on Variety

More Digital

  • Bristol, CT - March 13, 2017

    Mina Kimes Helps ESPN Kick Off 'Daily' Podcast

    Mina Kimes is preparing to take ESPN into a new frontier. The sports-media giant has launched a “SportsCenter” for Snapchat and tested baseball telecasts for kids. Now it’s hoping to set up shop in another media venue. Starting tomorrow, the Disney-backed company launches “ESPN Daily,” a weekday morning podcast that aims to tap its vast [...]

  • Neilsons Measurment Problems TV Digital

    AT&T's Ad-Tech Unit Xandr Buys Clypd To Help Place TV Commercials More Precisely

    Xandr, the AT&T ad-technology unit, has purchased a new company that helps advertisers use data to place commercials in front of the audiences most likely to want to watch them The AT&T division said Friday it had acquired clypd, a company that helps advertisers move forward in a growing desire by Madison Avenue to run [...]

  • AT&T Logo Building

    AT&T TV Now Price Hike Coming Next Month, Base Package to Cost $65

    AT&T is instituting a substantial price hike for its live TV streaming service AT&T TV Now: Customers who have subscribed to the service’s basic “Plus” package will see their bill go up by $15, to a total of $65 per month, starting next month. The telco has started to inform existing subscribers about the price [...]

  • Disney-Family-Movies

    Disney Family Movies SVOD Service Is Shutting Down Ahead of Disney Plus Debut

    After 11 years, Disney is pulling the plug on Disney Family Movies On Demand — with the service’s shutdown coming just days before the launch of the Mouse House’s Disney Plus. Disney Family Movies, which cost between $5-$10 per month, has been available via pay-TV providers in the U.S., including Comcast Xfinity, Charter Communications, Verizon [...]

  • Amazon Orders ‘All or Nothing: Tottenham

    Amazon Orders ‘All or Nothing: Tottenham Hotspur’ Soccer Doc Series

    Amazon has greenlit a new “All or Nothing” sports documentary series, this time following London-based soccer team Tottenham Hotspur. “All or Nothing: Tottenham Hotspur” will follow a year in the life of the team, charting the ongoing 2019-20 season. The squad made it to the final of the European Champions League last year, losing to [...]

  • Jeffrey Katzenberg

    Jeffrey Katzenberg's Quibi Picks T-Mobile as Wireless Launch Partner

    Quibi, the short-form mobile TV service founded by Jeffrey Katzenberg, announced a pact with T-Mobile to be the official telecommunications partner for its April 2020 launch. T-Mobile will be the exclusive wireless distributor when Quibi launches next spring. However, the arrangement doesn’t mean only T-Mobile customers will be able to subscribe to Quibi: Anyone will [...]

More From Our Brands

Access exclusive content