Just when the world seemed to be forgetting Cambridge Analytica, Facebook might have another major privacy scandal on its hands.
On Sunday, The New York Times reported that the company may have skirted Federal Trade Commission privacy laws by providing phone makers with access to massive amounts of user data.
For years, Facebook has given more than 60 companies -- including Apple, Microsoft and Samsung -- access to what The Times calls “private APIs.” These APIs apparently helped hardware makers build Facebook apps and integrate Facebook features into their mobile operating systems.
Facebook defended the use of what it calls “device-integrated APIs” on Monday.
When they were first introduced 10 years ago, offering APIs to makers of mobile operating systems and devices was common industry practice, according to Ime Archibong, vice president, product partnerships at Facebook.
“Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go,” Archibong asserts in a new blog post.
Among other controls, Archibong insists that Facebook made partners sign agreements that prevented user information from being exploited.
Of course, such agreements didn’t prevent the information of an estimated 87 million members -- most of whom live in the Unites States -- from being “improperly shared” with Cambridge Analytica.
The Cambridge Analytica controversy, which first came to light in March, led to immense scrutiny for Facebook, numerous changes to its privacy practices, and its CEO Mark Zuckerberg appearing before lawmakers on Capitol Hill.
These latest revelations are already generating similar scrutiny.
“Sure looks like [Facebook CEO Mark] Zuckerberg lied to Congress about whether users have ‘complete control’ over who sees our data on Facebook,” Rep. David Cicilline (D-RI), the ranking member of the House Judiciary Subcommittee on Regulatory Reform, Commercial, and Antitrust Law, tweeted on Sunday. “This needs to be investigated and the people responsible need to be held accountable.”
Adding to Facebook’s defense, Archibong said that device-integrated APIs could not integrate users’ Facebook features with their devices without their permission. “Our partnership and engineering teams approved the Facebook experiences these companies built,” he added.
Contrary to reporting in The Times, Archibong also insists the information of users’ Facebook friends was only accessible on devices when users made a decision to share their information with such friends.
In his rebuttal, Archibong makes no mention of the FTC’s 2011 consent degree, which The Times’ story suggests might have been violated.