It also noted that it has “not found evidence that any data was used in violation of our policies” as a result of the continuing access.
Little by little, Facebook has been trickling out changes to how it handles its users’ personal data in the wake of a number of privacy breaches — not just the biggie involving Cambridge Analytica, a breach investigation that is not winding down soon — and a subsequent investigation by regulators.
The announcement specifically impacting Microsoft and Sony comes as the company is also announcing a larger overhaul of its API. This will impact “dozens” of partners, the company said, which had been using it to build Facebook experiences on their own apps or devices “that should have been wound down.” (These integrations typically would have led to intentional — but often unintentional — sharing of contacts and syncing of contacts between address books, apps and so on.)
The tech giants had been the last two remaining of a group of 12 select partners (others included Yahoo, which is owned by Verizon, which also owns us, as well as Spotify, Netflix and BlackBerry) that had a particularly wide deal with the social network, in which they were allowed to access and use data relating to users’ friend lists, in addition to data about the users themselves, when those users were logged into their services using their Facebook sign-ins. Most of these deals were wound down after an exposé in the New York Times uncovered them and how they were being used.
However, Ime Archibong, Facebook’s VP of product partnerships, notes that a third party had recently alerted the company to a bug, “which led us to investigate and find that, unfortunately, our codebase had enabled continued data access for some of these partners.”
“This was old code supporting known experiences for people, such as being able to use Facebook on an earlier generation PlayStation (PS3 or Vita) or to sync their friends’ contact information with another service,” he explained in the blog post. “Based on our previous commitments, we are ending these partners’ access to friend data immediately. This was our mistake, and we are correcting it.”
Facebook has taken other actions in recent times to improve its privacy policies and in particular how it works with third-party developers, including new controls for people to manage how they use apps in conjunction with Facebook sign-ins and other Facebook integrations; a program for people to alert Facebook to data misuse; and a new review process that it will undertake for any new APIs that it builds or updates.
You can view today’s announcement, and Facebook’s subsequent actions, in a few ways.
On one hand, as Archibong describes it, the company’s recalibrating of its many partnerships and overall privacy policies has been a huge undertaking for the social network, “a manual process that involves the examination of millions of lines of code,” in his words. “We’ve explained that this review would likely unearth issues, and we’ve committed to being transparent when we find them.” In that regard, it would seem that the delayed reaction to closing off those last two partners is being cast as an oversight that it’s now working to correct.
On the other hand, the fact that it’s being timed with the FTC announcement is not exactly great: How long has Facebook known about this, and why did it decide to disclose it today? Was it purely a coincidence, or is it trying to mitigate attention to bad news?
Most of all, whether it was an honest mistake, and regardless of the timing, the fact that these two were still lurking and leeching off data, and that it took a third party to alert Facebook to do something, underscores the real issues here: Facebook is like a giant bowl of spaghetti, or a bag of mixed-up charging cords. It’s going to take a very long time to straighten this out, and to figure out what leads where, and there are bound to be more revelations that will throw light on this; and others that may stay in the dark for years yet.