Update 1:39 PM ET: We've added an official statement from Netflix.
Facebook is involved in yet another scandal, after revelations that its data-sharing partnerships with numerous companies gave it access to private messages.
A New York Times investigation, drawing from hundreds of pages of internal company documents, has revealed that the social network shared user information with other companies, often in contradiction of its own rules and without the consent of the users themselves. In some cases, companies had access to these data years after it was supposed to have been revoked.
Although many companies are listed in the piece, it's Netflix and Spotify that have been highlighted as being able to access, and even delete, private messages.
In Netflix's case, this came in the form of a recommendation tool. This tool sent Facebook friends messages, via Messenger or Netflix, and was deactivated in 2015 after a year of operating due to a lack of popularity. Netflix has stated in response:
"Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so."
Spotify was another company, according to the report, that was able to read, write or delete users' private Facebook Messenger messages and see the identities of those participating within the chat.
According to the NYT, Facebook's director of privacy and public policy, Steve Satterfield, said that all of these partnerships are within the rules, both of user privacy and the 2011 agreement with the U.S. Federal Trade Commission about only sharing user data with users' permission.
Satterfield also said that Facebook had made errors in its handling of these partnerships, which allowed continued use of data after the formal agreements had ended, and that it was currently working to terminate many of them.
A separate statement said that Facebook had found no evidence of abuse of data by any of its partners. It also published a blog post, explaining the functions of the partnerships, and repeating that none of its actions were against the FTC settlement or in violation of user agreements, and that many of these had been shut down.
The company also noted that "our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner". In other words, if you'd signed into Spotify via your Facebook account — as Spotify required when it first was launched in the United States — Facebook believed you had implicitly consented to Spotify's reading your messages.
It's been a rough year for Facebook, to say the least. While the Cambridge Analytica scandal was the first and largest wake-up call to the platform's billions of users regarding possibly abuses of private information, other transgressions have continued to surface. Most recently, the company itself announced that a bug in its photo API had inadvertently exposed the private (non-timeline) photos of 6.8 million users.