Using personal data as a bargaining chip — and giving special privileges to some companies while shutting out many others — appears to contradict Facebook’s repeated promises that it has never sold people’s data, as well as its claims that it restricted data to protect privacy and that its data partners were on an equal playing field. The case also raises questions about Facebook’s compliance with a settlement with the Federal Trade Commission, which stipulated in 2011 that the social network could not give third-party developers access to user data that people thought they had kept private.
In one of the exchanges from the filings, Facebook employees discussed shutting down access “in one-go to all apps that don’t spend … at least $250k a year to maintain access to the data,” according to the trove. The documents reference email exchanges regarding Facebook’s relations with several large commercial partners, including Lyft, Tinder, Amazon.com, Airbnb and the Royal Bank of Canada.
Facebook denies that it exchanged access to people’s data for commercial benefit.
Thousands of pages of court filings, which Facebook is fighting to keep sealed — including in an emergency hearing scheduled for Friday afternoon — illustrate the shrewd strategies the social network employed as it built its advertising empire. The disclosure sheds light on allegations of anti-competitive behavior that could play into efforts by U.S. and European lawmakers to curb the power of technology giants.
Since the Cambridge Analytica controversy highlighted Facebook data policies that allowed a developer to inappropriately access the Facebook profiles of 87 million people, lawmakers have repeatedly questioned Facebook about its relationships with data partners. Chief executive Mark Zuckerberg told Congress in April that the company had cut off outsiders’ access to friends' data several years ago, but subsequent reports have exposed privileged relationships brokered by the company.
The previously redacted email communications by Facebook officials that are part of the case became public late Wednesday when tech news site Ars Technica used a text editor to remove the redaction from a key document and posted it to Twitter. They were first reported on by the Wall Street Journal. (The Washington Post is one of several news organizations that have filed motions to unseal various records in the case.)
Facebook did not dispute the authenticity of the unredacted documents but said that the exhibits in the case were used selectively to give a misleading portrait of decision-making at the company at a time when the social network was sharply limiting the information that app developers could gather from the platform.
"The documents Six4Three gathered for this baseless case are only part of the story and are presented in a way that is very misleading without additional context,” Konstantinos Papamiltiadis, Facebook’s director of developer platforms and programs, said in a statement. “We stand by the platform changes we made in 2015 to stop a person from sharing their friends' data with developers. Any short-term extensions granted during this platform transition were to prevent the changes from breaking user experience.”
The case, which has been moving slowly through San Mateo County Superior Court in Silicon Valley, centers on a time period several years ago when Facebook was gradually closing off free access to app developers previously accustomed to getting large troves of personal data on Facebook users and their friends. At the time, Facebook said it was cutting off the data to protect user privacy. That same data practice sparked controversy this year when the Cambridge Analytica scandal erupted.
The lawsuit got new life this past weekend when British agents seized digital copies of thousands of documents from Six4Three developer Ted Kramer when he was traveling in London last week. The British Parliament is probing Facebook in the wake of the Cambridge Analytica revelations.
Kramer’s company was the developer of Pikinis, an app that enabled people to find photos of Facebook users wearing bikinis. The app was built on the back of Facebook’s data, which Six4Three and thousands of other developers accessed through a feed known as an application programming interface, or API. The data feed enabled Six4Three to scour Facebook for bikini photos of people who were friends with Pikinis’ users.
Spotify, Tinder, dozens of dating and gaming apps, the Obama campaign and Cambridge Analytica were among the developers and organizations that accessed or obtained data from the API, which Facebook had offered freely to developers since 2007. The API gave developers access to people’s friend networks and Facebook posts, which the companies used to find and acquire new customers.
For years, Facebook actively courted developers to build apps that encouraged people to spend more time on its desktop platform. After the rise of smartphones, Facebook eventually became large enough that it didn’t need to rely on developers for engagement and ideas.
In 2014, Facebook announced it was restricting developers' access to the API, citing privacy concerns from users who complained that their data was being shared with outsiders without their knowledge.
Facebook gave the developers a year to reorganize their businesses. Many shut down as a result.
Six4Three alleges that privacy was not the reason Facebook shut down the API. The developer claims Facebook realized that it could use its data feed as leverage, to pressure businesses to buy advertising that would fuel the company’s then-nascent mobile-ad business.
Facebook says that none of the companies mentioned in the documents besides Amazon continued to have access after 2015.
The developer also claims that Facebook was aware that developers were taking data that went beyond people’s privacy preferences, in violation of the 2011 consent decree.
Facebook rejects allegations that it violated the consent decree. That privileged access was debated among Facebook officials as far back as 2012, according to the unredacted email trove.
In one exchange from that year, a senior executive told colleagues that, after discussions with Zuckerberg, executives had decided to limit the API access of businesses that were potentially competitive with Facebook. Facebook would also “require all platform partners agree to data reciprocity,” a term that the plaintiffs allege meant that data would not be given without compensation for Facebook’s ad business.
In another 2013 email exchange about Amazon’s access, one employee asked colleagues whether they would grant Amazon permission to use the API “only if they give in to our asks.”
Another employee responded that because Facebook was in the process of restricting the API, the company would need to “either have a disappointing conversation with Amazon” or work to strike a deal. While the terms of Facebook’s “concessions” were not clear from the exchange, the API was considered free and unrestricted at the time.
Facebook told The Post that Amazon maintained access to Facebook user data because it was an “integration partner” that hosted Facebook apps on its hardware, not only an app developer. (Amazon chief executive Jeffrey P. Bezos own The Post.)
In a different email exchange, a Facebook employee remarked to colleagues that removing access to the API could appear to be “an indirect way to drive” mobile-app installation ads.