Facebook Back on the Defensive, Now Over Data Deals With Device Makers

Posted June 4, 2018 9:00 p.m. EDT

Facebook endured a new wave of criticism from lawmakers and regulators in the United States and Europe on Monday after disclosures that the social media giant had allowed dozens of hardware manufacturers access to its trove of personal user data.

Just months after being forced to explain its privacy measures and pledging reforms in the wake of the Cambridge Analytica scandal, Facebook found itself on the defensive once again, fending off questions about whether company executives had misled elected officials and why it had not fully disclosed the data-sharing agreements during recent testimony in the United States and Europe.

The European authorities who last month enacted the world’s strictest data privacy law said Facebook’s sharing of personal information with cellphone-makers and other manufacturers deserved further investigation. Germany’s top privacy regulator, Johannes Caspar, called Facebook’s partnerships “an unprecedented violation of privacy laws and user trust.”

And New York’s attorney general, Barbara Underwood, said her office would expand its investigation of Facebook’s data practices to include Facebook’s sharing with hardware manufacturers.

The broad scope of Facebook’s data partnerships — with Apple, Samsung, Amazon and other companies that make or sell phones, tablets, televisions and video game consoles — was reported by The New York Times on Sunday, showing that Facebook had exempted at least 60 hardware-makers from restrictions imposed on other companies in 2015. Those restrictions were intended to prevent games and other apps from gaining access to the Facebook information of their customers’ friends.

“I’m extremely concerned that we are just now learning that even more personal user data was provided without consent,” said Sen. Amy Klobuchar of Minnesota, a senior Democrat on the Senate Judiciary Committee, and one of the lawmakers who questioned Facebook’s chief executive, Mark Zuckerberg, at a hearing in April.

Zuckerberg and other Facebook executives have repeatedly cited the 2015 restrictions to assure policymakers that no outside company could again harvest swaths of personal information without the explicit consent of users, as a contractor for Cambridge Analytica did in 2014. But Facebook officials said this week that they did not consider hardware partners to be outside companies, under the terms of Facebook’s privacy policies and a 2011 consent decree with the Federal Trade Commission.

When Facebook delivers data to a partner device, a Facebook executive said in a statement posted on the company’s website Sunday night, the device-maker effectively functions as an extension of Facebook. And when Facebook users decide to share photos or phone numbers with their friends, they also consent to having that information flow to any partner devices their friends use.

“Friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends,” said the executive, Ime Archibong. “We are not aware of any abuse by these companies.”

But some U.S. lawmakers criticized Facebook’s rationale and urged the FTC to review whether the partnerships violated Facebook’s promises to the regulator.

“I think this explanation is completely inadequate and potentially disingenuous,” said Sen. Richard Blumenthal, D-Conn., ranking member of the Senate subcommittee charged with consumer protection. “I think Mark Zuckerberg’s testimony raises very serious and severe questions about Facebook’s credibility.”

Rep. David Cicilline of Rhode Island, the top Democrat on the House antitrust subcommittee, responded even more harshly.

“Sure looks like Zuckerberg lied to Congress about whether users have ‘complete control’ over who sees our data on Facebook,” Cicilline wrote on Twitter.

Senior Republicans also said the partnerships merited further review.

Sen. John Thune, R-S.D., said in a statement that The Times’ reporting “raises important questions about transparency and potential privacy risks for Facebook users.” Thune said the Senate Commerce Committee, of which he is chairman, would seek more information from Facebook.

The FTC is already investigating whether the access to friends’ data that Facebook allowed until 2015 violated the terms of its earlier consent decree with the regulator. Rohit Chopra, a current FTC commissioner, declined to comment on any specific company or investigation, but said he believed that the commission would act to enforce any agreements it had with companies.

“Too often, sensitive consumer data gets shared and copied over and over again to a point of no return,” Chopra said. “FTC orders are not suggestions. When companies violate them, there can be serious consequences.”

Since the Cambridge Analytica scandal broke in March, Facebook executives, including Zuckerberg, have appeared before officials in Washington, London and Brussels. But on Monday, Facebook leaders, including the company’s departing security chief, took to another social media platform — Twitter — to fend off criticism of its privacy policies. The company also addressed U.S. lawmakers from its own Twitter account, saying that no users’ privacy had been violated by the data partnerships. Other privacy experts also weighed in, including one engineer at Facebook’s advertising rival, Google. And executives at Apple — which took advantage of Facebook’s data-sharing until last year — took a swipe at Facebook’s privacy settings during a developer’s conference Monday.

During the event’s keynote address, Craig Federighi, an Apple senior vice president, unveiled a new feature that will let Apple users more easily control what sort of information is shared with Facebook and other social media companies.

Federighi chose to demonstrate the new feature onstage by showing Apple’s Safari browser open to a webpage. Above it, a pop-up graphic appeared.

“Do you want to allow ‘’ to use cookies and website data while browsing ‘’?” the pop-up read.