Skip to main content

Facebook sought to force outside developers to share customer data with the social-media giant or risk losing access to personal information about Facebook users, leaked company documents reveal.

Plans to demand that developers building apps for the platform agree to data-sharing arrangements with Facebook were being vigorously discussed inside the company in the years after Facebook’s 2012 initial public offering, as executives argued that Facebook’s success lay in exploiting as much user data as possible.

Employees also brushed away privacy concerns that would slow the social-media firm’s growth, documents show. Such decisions would land Facebook in hot water with global regulators years later.

The details of the company’s internal discussions are contained in documents sealed by a California court as part of a lawsuit involving Facebook and app developer Six4Three. Some of the documents were seized by a British parliamentary committee investigating the company, which published 250 pages of the court file late last year.

Roughly 7,000 documents from the court file were first reported by digital magazine Computer Weekly, NBC and freelance investigative journalist Duncan Campbell. The Globe and Mail viewed about 170 pages of those documents.

A Facebook spokesperson declined to comment on the documents Wednesday. But in an earlier statement, the social-media firm said the documents had been “cherry-picked” from the court file and did not reflect the full nature of the internal discussions. “The set of documents, by design, tells only one side of the story and omits important context.”

Among the documents released to The Globe is an e-mail exchange from 2012 between Facebook employees complaining that developers were being allowed to freely access data about Facebook users, but weren’t providing enough of their own data in exchange.

“We gave them our crown jewels, and they had complete control over how to integrate it,” wrote Mike Vernal, who was then vice-president for product and engineering. “On the flip side, if we wanted something in return – some value from the partner – we basically had to cajole them into giving it to us.”

Facebook devised a plan to require outside companies accessing information about Facebook users to provide data about their customers to the social-media firm – including by scouring the companies’ websites if the information wasn’t available by other means. “Our strategy is basically – you can access our social graph as long as we can access your social actions (both with user consent),” Mr. Vernal wrote.

In an e-mail exchange from October of 2012 between Facebook chief executive Mark Zuckerberg and Sam Lessin, then-vice-president of product management, Mr. Lessin describes plans to position the policy change not as a way to favour certain business partners, but to protect privacy. “The messaging to the ecosystem becomes that we are depreciating a few things for privacy reasons/to simplify our model for users,” he wrote.

Facebook eventually began restricting the access that outside developers could have to user data. Instead, the company worked to develop a “whitelisting” program that would give a select group of business partners, including the Royal Bank of Canada, access to data, such as lists of users’ friends, in exchange for advertising. In a statement in December, Facebook said it ultimately decided not to require developers to purchase advertising in exchange for access to data.

Documents released by the British parliamentary committee last year suggested RBC was given access to read Facebook users’ private messages as part of a service that allowed customers to send money through Facebook Messenger. RBC shut down the service in 2015.

RBC has denied it was ever able to read users’ messages. The newly released documents do not include any details about whether RBC ever gave any data to Facebook. In a statement, the bank said it did not share customer data with Facebook. “We take customer privacy seriously and do not share individual client information with Facebook, or other advertisers,” bank spokesperson AJ Goodman said.

But the documents paint a picture of Facebook executives focused deeply on finding ways to extract as much value from user data as possible. “You simply allow ways of targeting messages extremely narrowly/leveraging everything known about any person,” Mr. Lessin wrote to Mr. Zuckerberg in 2012.

The two discussed a plan to potentially charge developers for access to users’ data, although Mr. Lessin warned of the risk that developers could potentially leak the users’ information outside the platform.

“I’m generally skeptical that there is as much data leak strategic risk as you think,” Mr. Zuckerberg responded. “I think we leak info to developers, but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.”

Years later, Facebook would be rocked by scandal after developer Aleksandr Kogan leaked data on millions of users to political consulting firm Cambridge Analytica.

The documents also detail several instances when Facebook employees raised concerns about potential privacy issues that were brushed aside in favour of pushing out products quickly.

In 2015, Facebook employees fretted about an update to the company’s Android app that would allow users to continuously upload their cellphone’s text-message and call-log history to Facebook. “This is a pretty high-risk thing to do from a PR perspective, but it appears that the growth team will charge ahead and do it,” one employee wrote.

Others raised concerns that some apps were sharing data that users had flagged as being private and that underage users were able to see content from alcohol brands.

Editor’s note: This story has been updated to clarify that in a statement in December, Facebook said it ultimately decided not to require developers to purchase advertising in exchange for access to data.

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Report an error

Editorial code of conduct

Tickers mentioned in this story