News

Facebook denies letting third parties read private user messages

The claim was among the latest accusations made against the social network and its practices around data privacy.
The claim was among the latest accusations made against the social network and its practices around data privacy. The claim was among the latest accusations made against the social network and its practices around data privacy.

Facebook has denied disclosing the contents of private user messages to third-party firms as part of data-sharing deals with some of its partners.

The social network has faced new accusations this week that it gave companies such as Spotify and Netflix greater access to people’s personal data than previously disclosed.

It is the latest incident on a growing list of data scandals to engulf the company this year, but vice president of product partnerships Ime Archibong said claims of disclosing private messages were “not true”.

“We worked closely with four partners to integrate messaging capabilities into their products so people could message their Facebook friends — but only if they chose to use Facebook Login,” he said.

“These experiences are common in our industry — think of being able to have Alexa read your email aloud or to read your email on Apple’s Mail app.”

Mr Archibong said the features enabled users to interact with friends from the social network through other services – for example, letting them know what they were listening to on Spotify or watching on Netflix – and were publicly discussed by Facebook as they were launched.

He said it was made clear they were only available for people who logged in to these services using Facebook, adding that the features were “experimental and have now been shut down for nearly three years”.

He added that the features never allowed third-party services to read any messages.

“In order for you to write a message to a Facebook friend from within Spotify, for instance, we needed to give Spotify ‘write access’. For you to be able to read messages back, we needed Spotify to have ‘read access’. ‘Delete access’ meant that if you deleted a message from within Spotify, it would also delete from Facebook,” he said.

“No third party was reading your private messages or writing messages to your friends without your permission. Many news stories imply we were shipping over private messages to partners, which is not correct.”

Facebook defended itself after a New York Times report suggested the site had allowed more than 150 companies access to user information despite more broadly clamping down on access in the past.

Facebook said many of the features referenced had been made public and widely discussed, but did acknowledge it needs “tighter management over how partners and developers can access information”.

It continues a year of intense pressure on the company over it some of its business practices, following the Cambridge Analytica scandal, a series data breaches and concerns over fake news and other content on the site.

The site is being sued in the US over the Cambridge Analytica incident, which exposed the data of millions of users, while Damian Collins, chairman of the House of Commons Digital, Culture, Media and Sport Committee, said he wants the firm to face more questions from MPs about its work.