Facebook Allowed Third Parties Read Users’ Messages

From Privacy Wiki
Jump to navigation Jump to search
Facebook Allowed Third Parties Read Users’ Messages
Short Title Facebook Allowed Netflix, Spotify And More To Read And Delete Users’ Private Messages
Location Global
Date December 2019

Solove Harm Aggregation, Disclosure, Breach of Confidentiality
Information Identifying, Communication, Computer Device
Threat Actors Facebook, Netflix, Spotify, Microsoft, Yandex, Royal Bank of Canada, Amazon, Yahoo

Affected Users of Facebook
High Risk Groups
Tangible Harms

Facebook considered some companies, such as Netflix, Amazon etc., as business partners and effectively exempted them from its privacy rules, which led to them having access to users' private Facebook messages.


Around 2010, Facebook linked up with Spotify, the Bank of Canada, and Netflix. Once a user logged in and connected their Facebook profile with these accounts, these companies had access to that person’s private messages. Yandex also was found having access to Facebook’s unique user IDs in 2017.

In total Facebook gave more than 150 companies, including Microsoft, Netflix, Spotify, Amazon, and Yahoo, unprecedented access to users’ personal data - their private messages. Breach of ConfidentialityDisclosure

The media obtained hundreds of pages of Facebook documents, generated in 2017, that show that the social network considered these companies business partners and effectively exempted them from its privacy rules.

Facebook also allowed Microsoft’s search engine Bing to see the names of nearly all users’ friends without their consent, and allowed Spotify, Netflix, and the Royal Bank of Canada to read, write, and delete users’ private messages, and see participants on a thread.

It also allowed Amazon to get users’ names and contact information through their friends, let Apple access users’ Facebook contacts and calendars even if users had disabled data sharing,Breach of Confidentiality and let Yahoo view streams of friends’ posts despite publicly claiming it had stopped sharing such information.

Collectively, applications made by these technology companies sought the data of hundreds of millions of people a month. Aggregation

Laws and Regulations