(RNN) – Facebook allowed certain companies extraordinary access to its platform, even giving them the ability to manipulate people’s private messages, according to a New York Times report.
The report, published Tuesday evening, was based on internal records and reviews, according to The Times.
The documents reviewed by the paper were apparently generated by an internal system that tracked the company’s execution of business partnerships, and revealed numerous instances in which corporate partners were allowed to bypass privacy controls.
The company insisted it had found no evidence of partners abusing their access.
The report highlighted one particularly invasive example in which Netflix, Spotify and the Royal Bank of Canada were given the ability to read, write and delete the private messages of users.
The Times described those abilities as “privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems.”
It was unclear if the companies actually took advantage of that access, and spokespeople told The Times either that they were unaware they even had it or outright denied ever having it.
Nevertheless, the example illustrated Facebook’s willingness to accommodate business partners in ways that users did not necessarily consent to.
Described as “data partnerships” in the report, The Times noted that they were signed off on from the top, in some cases even by Mark Zuckerberg himself.
In one example, The Times reported that as recently as this summer, Facebook allowed Yahoo access to users’ friends’ posts. And as of last year, Sony, Microsoft, and Amazon could access users’ email addresses through their friends.
The newspaper reported that it reviewed agreements Facebook had with more than 150 companies, all of which were still in place last year.
A Facebook executive, Steve Satterfield, told The Times the company was mothballing the partnership deals.
Former regulators suggested that the company had possibly violated a 2011 agreement with the Federal Trade Commission that limited how the social network could share users’ data.
“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” David Vladeck, who once ran the consumer protection bureau at the FTC, told The Times.
Facebook reportedly also used its partners for data, according to The Times report. That included using the contact lists of Amazon, Yahoo, and Chinese technology giant Huawei to boost its “People You May Know” friend-suggestion feature.
Even The Times itself had special access.
Underscoring how Facebook gave so many partners such wide-ranging privileges that it often seemingly lost track of who could do what, the paper said it had access to users’ friends lists for an application it hadn’t run on the platform since 2011.
The social network giant has faced intense scrutiny since revelations that it failed to stop Cambridge Analytica, a political consulting and data firm, from illicitly harvesting data from millions of users during the 2016 election.
An early investor in the company, Roger McNamee, gave The Times a searing indictment of Facebook’s reliability.
“No one should trust Facebook until they change their business model,” he said.