British lawmaker says Facebook gave select companies access to user data
By CRAIG TIMBERG, ELIZABETH DWOSKIN AND TONY ROMM | The Washington Post | Published: December 5, 2018
A key British lawmaker alleged Wednesday that Facebook maintained "whitelisting agreements" that gave select companies preferential access to valuable user data, echoing a key claim from an app developer that has been embroiled in a lawsuit with the social network in a California court.
Damian Collins, chairman of a British parliamentary committee that has led a wide-ranging investigation into Facebook and its dealings with political consultancy Cambridge Analytica, released a summary of findings along with more than 200 pages of documents Wednesday. Facebook has denied that it offered preferential access to data for major advertisers, as the app developer, Six4Three, has alleged in its suit.
Collins released a limited trove of documents that long have been sealed in a California court, along with a summary saying, "Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not."
Facebook, which has long said it does not sell user data, did not immediately reply to requests for comment but has disputed such allegations in the past, saying that some legal documents filed by Six4Three were misleadingly crafted and do not represent the company's practices or policies.
The documents emerged out of a closely-watched legal battle in San Mateo County federal court in the United States between Six4Three and Facebook. They came into the possession of British authorities last month when Six4Three developer Ted Kramer traveled to London with digital copies of thousands of the documents. British authorities took custody of the documents, sidestepping the sealing order of the California court.
Critics of the company say that the legal documents in the Six4Three case shed light on practices that compromised the privacy of Facebook users and could have violated a 2011 agreement with the U.S Federal Trade Commission.
A small number of documents already became public last week, including descriptions of emails suggesting that Facebook executives had discussed giving access to their valuable user data to some companies that bought advertising when it was struggling to launch its mobile-ad business. The alleged practice started around seven years ago but has become more relevant this year because the practices in question — allowing outside developers to gather data on not only app users but their friends — is at the heart of Facebook's Cambridge Analytica scandal.
Facebook said last week that the picture offered by those documents was misleadingly crafted by Six4Three's attorneys.
Cambridge Analytica, a political consultancy whose vice president was Republican strategist Steve Bannon, gained access to data on 87 million users in ways that Facebook has said was improper but resembled a common practice at the time among app developers. Facebook largely stopped permitting such wide-ranging access to user data in 2015, but it did not stop it for all outside developers at the same time because, the company has said, some needed extensions to keep their software from breaking in ways that would have harmed users.
Cambridge Analytica's acquisition and use of such data for political campaigns has spawned several investigations since it was revealed in news reports in March. In the United States, the Justice Department, the Securities and Exchange Commission and the FTC have been investigating Facebook's handling of this data and its public representations about it.
Since the Cambridge Analytica controversy, lawmakers have repeatedly questioned Facebook about its relationships with data partners. Chief executive Mark Zuckerberg told Congress in April that the company had cut off outsiders' access to friends' data several years ago, but subsequent reports have exposed privileged relationships brokered by the company.
Facebook has not disputed the authenticity of the documents in its battle with Kramer, the Six4Three developer. But the company said that the exhibits in the case were used selectively to give a misleading portrait of decision-making at the company at a time when the social network was sharply limiting the information that app developers could gather from the platform.
"The documents Six4Three gathered for this baseless case are only part of the story and are presented in a way that is very misleading without additional context," Konstantinos Papamiltiadis, Facebook's director of developer platforms and programs, said in a statement last week. "We stand by the platform changes we made in 2015 to stop a person from sharing their friends' data with developers. Any short-term extensions granted during this platform transition were to prevent the changes from breaking user experience."
Kramer's company was the developer of Pikinis, an app that enabled people to find photos of Facebook users wearing bikinis. The app was built on the back of Facebook's data, which Six4Three and thousands of other developers accessed through a feed known as an application programming interface, or API. The data feed enabled Six4Three to scour Facebook for bikini photos of people who were friends with Pikinis' users.