Facebook kept granting private data to high-profile advertisers long after it said it stopped

Some advertisers were put on a whitelist and allowed to continue harvesting data, despite the company's claims

By Nicole Karlis

Senior Writer

Published December 6, 2018 7:00PM (EST)

Mark Zuckerberg (Getty/Chip Somodevilla)
Mark Zuckerberg (Getty/Chip Somodevilla)

On Wednesday, British lawmakers published 250 internal Facebook emails spanning from 2012 to 2015, which bring to light the tech behemoth’s presumably long-standing goal: To turn a profit by monetizing its users’ intimate personal data. The emails shed further light on the corporation's history of blatantly ignoring privacy promises to users and granting special access to private data to favored clients.

The emails were originally obtained by the legal team of Ted Kramer, founder of the app company Six4Three, during the discovery of a 2015 lawsuit which was centered around Facebook’s policy of allowing third-party app developers to access the data of Facebook users’ friends. That same policy — which let third parties harvest the personal data not merely from people who had opted-in, but from their friends who hadn't — also enabled consulting firm Cambridge Analytica to mine user data in order to target voters on behalf of the Trump campaign.

Once Facebook’s policy regarding accessing users’ friends data changed in 2014, Kramer’s Pikinis app —  which scoured Facebook for pictures of women in bikinis — could no longer operate; hence, the lawsuit for breach of contract, as the New Yorker noted. On November 20, Tory M.P. Damian Collins, the chairman of the Digital, Culture, Media and Sport Committee of the British Parliament, demanded Kramer to turn over all the files (how he had them is unclear). Guardian reporter Carole Cadwalladr reportedly tipped off Collins.

Collins summarized the emails that were seized in a preface, stating: “Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.” The existence of a "whitelist" suggests that the company was not serious about protecting user data nor honoring the privacy agreements it claimed to have put in place at the time.

Recall that when news broke about Cambridge Analytica's misuse of users’ data, CEO Mark Zuckerberg said then that the company has a “responsibility” to protect its users’ information.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg wrote. “We also made mistakes, there’s more to do, and we need to step up and do it.”

Zuckerberg elaborated:

In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like [Aleksandr] Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today.

However, as Collins notes in his summary, “It is clear that increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers relationship with Facebook is a recurring feature of the documents."

In a blog post, Facebook tried to play down the controversy, and said that Six4Three “cherrypicked” the emails.

“The set of documents, by design, tells only one side of the story and omits important context,” Facebook said.


By Nicole Karlis

Nicole Karlis is a senior writer at Salon, specializing in health and science. Tweet her @nicolekarlis.

MORE FROM Nicole Karlis


Related Topics ------------------------------------------

Cambridge Analytica Facebook Facebook Privacy Social Media Tory M.p. Damian Collins